On Jan 11, 2021, at 1:07 AM, Joseph Salowey <[email protected]> wrote:
> [Joe] I think you propose something like this instead (eliminating context):
>
> MSK = TLS-Exporter("EXPORTER_EAP_TLS_MSK-" + ASCII-Type-Code, 64)
>
> Where + is concatenation and ASCII-Type-Code is "13"
>
> the IANA section would explicitly list: EXPORTER_EAP_TLS_MSK-13

That's fine, but I have a minor forward-looking comment based on other EAP types. They'll have to do similar things. This is OK for 8-bit EAP types. This is more complex for the "extended" EAP types.

For simplicity, I would suggest that the ASCII type code is represented as hex, instead of decimal. This makes implementations simpler. They can just hex-ify whatever EAP thing they have (8 bits, or more for extended types), and then append that to the "EXPORTER_EAP_TLS_MSK" string.

Decimal is just ugly for computers to deal with. :)

> [Joe] I see your point that we should eliminate the context and include the
> type code in the label as it will always be the same for EAP-TLS (which also
> goes to the point that has been made by several people that this value may be
> redundant since we would expect another EAP type to use a different label).
> In the past, people have used TLS in all sorts of innovative and unique ways
> in different EAP methods all loosely based on EAP-TLS. I don't see this
> usage as too far outside the intended use of the context field (the value
> should match on both sides) and I think including the type value in the
> context value would help avoid some potential implementation problems if the
> key derivation is reused for another method.

I agree here. I think it's simpler conceptually, for implementations, and there's less for IANA to deal with.

But maybe the TLS people have a strong opposition to using the context in this way. In that case, it's ugly, more work for everyone, but still possible to just append the hexified EAP type code to the label.

Alan DeKok.
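The two options discussed in this message (type code appended to the label in hex, or carried in the exporter context), as an added example that is not part of the original message or of any draft text. It assumes the TLS 1.3 exporter of RFC 8446 section 7.5 with SHA-256, two upper-case hex digits per octet, a fixed label of "EXPORTER_EAP_TLS_MSK" for the context variant, and a constructed secret and expanded-type value.

```python
import hashlib
import hmac

HASH = hashlib.sha256                  # assumption: negotiated suite uses SHA-256
BASE_LABEL = b"EXPORTER_EAP_TLS_MSK"   # label string quoted in the thread

def hkdf_expand(prk, info, length):
    """HKDF-Expand from RFC 5869."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label from RFC 8446 section 7.1."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def tls_exporter(exporter_secret, label, context, length):
    """TLS-Exporter from RFC 8446 section 7.5."""
    derived = hkdf_expand_label(exporter_secret, label, HASH(b"").digest(),
                                HASH().digest_size)
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)

def msk_label(type_octets):
    """Append the hexified type octets to the label (hex form is an assumption)."""
    return BASE_LABEL + b"-" + type_octets.hex().upper().encode("ascii")

def msk_type_in_label(exporter_secret, type_octets):
    """Variant with no context: the type code lives in the label."""
    return tls_exporter(exporter_secret, msk_label(type_octets), b"", 64)

def msk_type_in_context(exporter_secret, type_octets):
    """Variant with a fixed label and the type code as the context value."""
    return tls_exporter(exporter_secret, BASE_LABEL, type_octets, 64)

# Constructed inputs: a dummy exporter secret and two type encodings.
SECRET = bytes(range(32))
EAP_TLS = bytes([13])                  # 8-bit type code from the thread
EXPANDED = bytes([254]) + (0xABCDEF).to_bytes(3, "big") + (1).to_bytes(4, "big")

if __name__ == "__main__":
    for t in (EAP_TLS, EXPANDED):
        print(msk_label(t).decode(), msk_type_in_label(SECRET, t).hex()[:16])
```

The same `msk_label` call handles the 8-bit and the expanded encoding without a decimal conversion, and the two variants yield unrelated keys, so both peers have to implement the same one.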
