On Oct 23, 2020, at 3:37 AM, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote:
> I do not understand certificate revocation checking is a topic specific to
> the use of TLS 1.3 in EAP-TLS.

It's not. However, in the absence of another specification, we need to say *something* for EAP-TLS.

> If this topic is important to the group then why isn’t this a generic
> recommendations for all EAP methods that use public key based authentication?

I believe it should be. I can update draft-ietf-emu-tls-eap-types to clarify this. Basically "almost everything else in EAP-TLS applies to all other TLS-based EAP types, too".

> Wouldn’t this be a topic to address in <draft-ietf-emu-eaptlscert>? IMHO this
> would make more sense given that <draft-ietf-emu-eaptlscert> talks about
> large certificates and long certificate chains and any proposal to make those
> even larger should be evaluated in this context.

I think that the topics are related. But draft-ietf-emu-eap-tls13 is more about the protocol, and draft-ietf-emu-eaptlscert is more about deployment considerations.

For me, this means that security issues such as certificate revocation checking belong in the protocol specification, not in a deployment guide.

Alan DeKok.