Hi, I am not very happy with adding an additional dummy roundtrip to the 5G certificate authentication. Fragmentation and slow databases can be optimized away (short chains, small certs, 4K or 9K frames) but a mandatory extra roundtrip stays forever.
Without fragmentation, EAP-TLS 1.3 is now worse than EAP-TLS 1.2 when it comes to latency. They have the same number of roundtrips for a full handshake, but EAP-TLS 1.3 has one more for resumption. In practice, with a typical 1500 MTU, EAP-TLS 1.3 is probably faster as long as certificate compression (RFC8879, draft-mattsson-cose-cbor-cert-compress-06) is used.

The suggestion from Jim to use application data was adopted as it did not introduce extra round-trips and allowed alerts. Is the principle of not using application data really worth introducing a mandatory extra round-trip? And is a mandatory extra dummy roundtrip really the best solution we can come up with?

                       EAP-Request/
                       EAP-Type=EAP-TLS
               <--------  (TLS close_notify)
    EAP-Response/
    EAP-Type=EAP-TLS
               -------->

It looks kind of stupid....

After Jim suggested using application data, the commitment issue was not discussed much more. Would e.g. using the reserved bits in the EAP-TLS packet be possible, or would that cause problems?

I think an extra round-trip is a sad conclusion to the EAP-TLS 1.3 work.

John
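The message above argues about two things the EAP-TLS packet format makes concrete: how a TLS flight gets split into EAP request/response exchanges when it exceeds the EAP MTU (each fragment costs one roundtrip), and where the five reserved bits in the EAP-TLS Flags byte sit. The following Python is an added illustration written for this page, not code from the list or from any EAP-TLS implementation. It encodes and parses the RFC 5216 EAP-TLS header (EAP Code, Identifier, Length, Type 13, Flags L/M/S plus reserved bits, optional TLS Message Length), fragments a constructed 4000-byte flight at an assumed EAP MTU of 1500 and 9000 bytes, and reassembles it. The MTU values, the flight contents and the `reserved` parameter are assumptions for demonstration; RFC 5216 says the reserved bits are set to zero on send and ignored on receipt, so the parser only reports them.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

EAP_CODE_REQUEST = 1
EAP_CODE_RESPONSE = 2
EAP_TYPE_TLS = 13          # EAP-TLS method type (RFC 5216)

FLAG_L = 0x80              # L: TLS Message Length field present
FLAG_M = 0x40              # M: more fragments follow
FLAG_S = 0x20              # S: EAP-TLS Start
RESERVED_MASK = 0x1F       # five reserved bits, zero on send / ignored on receipt


@dataclass
class EapTlsPacket:
    code: int
    identifier: int
    flags: int
    tls_total_length: Optional[int]
    tls_data: bytes

    @property
    def reserved(self) -> int:
        """The reserved low five bits of the Flags byte, as received."""
        return self.flags & RESERVED_MASK


def build(code: int, identifier: int, tls_data: bytes, *, more: bool = False,
          start: bool = False, tls_total_length: Optional[int] = None,
          reserved: int = 0) -> bytes:
    """Encode one EAP-TLS packet. `reserved` is a demo knob, not RFC behaviour."""
    flags = (FLAG_M if more else 0) | (FLAG_S if start else 0) | (reserved & RESERVED_MASK)
    body = bytes([EAP_TYPE_TLS])
    if tls_total_length is not None:
        flags |= FLAG_L
        body += bytes([flags]) + struct.pack("!I", tls_total_length)
    else:
        body += bytes([flags])
    body += tls_data
    # EAP header: Code(1) Identifier(1) Length(2) covering the whole packet
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse(packet: bytes) -> EapTlsPacket:
    """Decode and sanity-check an EAP-TLS packet; raises ValueError on malformed input."""
    if len(packet) < 6:
        raise ValueError("too short for an EAP-TLS packet")
    code, ident, length, eap_type, flags = struct.unpack("!BBHBB", packet[:6])
    if length != len(packet):
        raise ValueError(f"EAP Length {length} does not match {len(packet)} bytes on the wire")
    if eap_type != EAP_TYPE_TLS:
        raise ValueError(f"not EAP-TLS (Type {eap_type})")
    offset, total = 6, None
    if flags & FLAG_L:
        if len(packet) < 10:
            raise ValueError("L flag set but TLS Message Length field missing")
        (total,) = struct.unpack("!I", packet[6:10])
        offset = 10
    return EapTlsPacket(code, ident, flags, total, packet[offset:])


def fragment_tls_flight(code: int, first_identifier: int, tls_flight: bytes,
                        max_eap_len: int) -> List[bytes]:
    """Split a TLS flight into EAP-TLS packets of at most max_eap_len bytes.

    Each returned packet is one EAP Request (or Response), i.e. one roundtrip,
    which is why fragmentation adds latency to the handshake.
    """
    packets, ident, offset, total = [], first_identifier, 0, len(tls_flight)
    first = True
    while first or offset < total:
        header_len = 10 if first else 6          # length field only on the first fragment
        chunk = tls_flight[offset:offset + max_eap_len - header_len]
        offset += len(chunk)
        packets.append(build(code, ident, chunk, more=offset < total,
                             tls_total_length=total if first else None))
        ident = (ident + 1) & 0xFF
        first = False
    return packets


def reassemble(packets: List[bytes]) -> bytes:
    """Concatenate fragments, checking the M flag chain and the announced total length."""
    parsed = [parse(p) for p in packets]
    for p in parsed[:-1]:
        if not p.flags & FLAG_M:
            raise ValueError("M flag clear on a non-final fragment")
    if parsed[-1].flags & FLAG_M:
        raise ValueError("M flag set on the final fragment")
    data = b"".join(p.tls_data for p in parsed)
    announced = parsed[0].tls_total_length
    if len(parsed) > 1 and announced is None:
        raise ValueError("fragmented flight must carry TLS Message Length in its first fragment")
    if announced is not None and announced != len(data):
        raise ValueError(f"announced {announced} bytes, reassembled {len(data)}")
    return data


if __name__ == "__main__":
    flight = b"\x16" * 4000                        # constructed stand-in for a certificate flight
    for mtu in (1500, 9000):                        # assumed EAP MTUs for illustration
        n = len(fragment_tls_flight(EAP_CODE_REQUEST, 1, flight, mtu))
        print(f"EAP MTU {mtu}: {n} fragment(s) = {n} roundtrip(s) for this flight")
    p = parse(build(EAP_CODE_RESPONSE, 7, b"", reserved=0b101))
    print(f"flags=0x{p.flags:02x} reserved bits={p.reserved:05b}")
```

Running it shows the 4000-byte flight costing three roundtrips at a 1500-byte EAP MTU and one at 9000, which is the "can be optimized away" part of the argument; a dummy exchange added by the protocol is not affected by either knob.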
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu