Hi,

I am not very happy with adding an additional dummy roundtrip to the 5G 
certificate authentication. Fragmentation and slow databases can be optimized 
away (short chains, small certs, 4K or 9K frames) but a mandatory extra 
roundtrip stays forever.

Without fragmentation, EAP-TLS 1.3 is now worse than EAP-TLS 1.2 when it comes 
to latency. They have the same number of roundtrips for full handshake, but 
EAP-TLS 1.3 has one more for resumption. In practice, with a typical 1500 MTU, 
EAP-TLS 1.3 is probably faster as long as certificate compression (RFC8879, 
draft-mattsson-cose-cbor-cert-compress-06) is used.

The suggestion from Jim to use application data was adopted as it did not 
introduce extra round-trips and allowed alerts. Is the principle of not using 
application data really worth introducing a mandatory extra round-trip? And is 
a mandatory extra dummy roundtrip really the best solution we can come up with?

                                                      EAP-Request/
                                                 EAP-Type=EAP-TLS
                              <--------         (TLS close_notify)
EAP-Response/
EAP-Type=EAP-TLS             -------->

It looks kind of stupid ....

After Jim suggested using application data, the commitment issue was not 
discussed much more. Would e.g. using the reserved bits in the EAP-TLS packet 
be possible or would that cause problems? I think an extra round-trip is a sad 
conclusion to the EAP-TLS 1.3 work.

John

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
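As an added illustration of the round-trip comparison in the post above (this is example code written for this page, not code from John or from any EAP-TLS implementation), the following Python model counts EAP-Request/EAP-Response pairs for the full and resumption exchanges of EAP-TLS 1.2 (RFC 5216) and EAP-TLS 1.3 with the close_notify commitment request drawn in the post. The fragmentation rule is the one in RFC 5216 section 2.1.5: every server fragment is its own EAP-Request, and every peer fragment after the first is sent in reply to an empty ACK request. All byte sizes, the EAP payload limit per packet (1400 for a 1500-byte MTU link, 8900 for 9K frames) and the certificate compression ratio are constructed assumptions, and NewSessionTicket is left out of the model.

```python
"""Round-trip model: EAP-TLS 1.2 vs EAP-TLS 1.3 with a close_notify commitment.

Added example for this thread, not code from the post or from any EAP-TLS
implementation. It counts EAP-Request/EAP-Response pairs ("round trips") for
the full and resumption exchanges, with and without fragmentation. Flight
contents follow RFC 5216 for EAP-TLS 1.2 and, for EAP-TLS 1.3, the exchange
drawn in the post (extra close_notify request after the peer's Finished).
All byte sizes, the EAP payload limit per packet and the compression ratio
are constructed assumptions; NewSessionTicket is left out of the model.
"""
from math import ceil

SERVER, PEER = "server", "peer"

# Constructed sizes, in bytes of TLS records carried as EAP-TLS data.
CHAIN = 3 * 1500         # assumed three-certificate chain, ~1.5 KB per certificate
FLIGHT_OVERHEAD = 400    # assumed non-certificate bytes in a certificate-carrying flight


def fragments(nbytes: int, eap_mtu: int) -> int:
    """EAP packets needed to carry nbytes of TLS data; an empty flight
    (TLS Start, empty response) still costs one packet."""
    return max(1, ceil(nbytes / eap_mtu))


def round_trips(flights, eap_mtu: int) -> int:
    """Count EAP-Request/EAP-Response pairs for alternating server/peer flights.

    Fragmentation rule (RFC 5216, section 2.1.5): every server fragment is its
    own EAP-Request and must be answered; every peer fragment after the first
    is sent in reply to an empty ACK EAP-Request. The peer's first fragment
    rides in the response to the server's last request, so it costs nothing
    extra. The final one-way EAP-Success is not counted.
    """
    expected = SERVER
    total = 0
    for sender, nbytes in flights:
        if sender != expected:
            raise ValueError("flights must alternate, starting with the server's TLS Start")
        n = fragments(nbytes, eap_mtu)
        total += n if sender == SERVER else n - 1
        expected = PEER if sender == SERVER else SERVER
    return total


def eap_tls_12(resume: bool, chain: int = CHAIN):
    """EAP-TLS 1.2 flights after EAP-Identity (RFC 5216, sections 2.1.1 and 2.1.2)."""
    if resume:
        return [(SERVER, 0),      # TLS Start
                (PEER, 300),      # ClientHello with session id
                (SERVER, 150),    # ServerHello, ChangeCipherSpec, Finished
                (PEER, 70)]       # ChangeCipherSpec, Finished; then EAP-Success
    return [(SERVER, 0),                        # TLS Start
            (PEER, 300),                        # ClientHello
            (SERVER, chain + FLIGHT_OVERHEAD),  # ServerHello ... ServerHelloDone
            (PEER, chain + FLIGHT_OVERHEAD),    # Certificate ... Finished
            (SERVER, 70),                       # ChangeCipherSpec, Finished
            (PEER, 0)]                          # empty response; then EAP-Success


def eap_tls_13(resume: bool, chain: int = CHAIN, cert_compression: float = 1.0):
    """EAP-TLS 1.3 flights with a close_notify commitment round trip.

    cert_compression is the assumed ratio of compressed to raw chain size
    (RFC 8879 or CBOR-encoded certificates); 1.0 means no compression.
    """
    if resume:
        return [(SERVER, 0),      # TLS Start
                (PEER, 500),      # ClientHello with PSK and key share
                (SERVER, 150),    # ServerHello, EncryptedExtensions, Finished
                (PEER, 70),       # Finished
                (SERVER, 30),     # close_notify (commitment)
                (PEER, 0)]        # empty response; then EAP-Success
    certs = int(chain * cert_compression) + FLIGHT_OVERHEAD
    return [(SERVER, 0),          # TLS Start
            (PEER, 500),          # ClientHello
            (SERVER, certs),      # ServerHello ... Finished, carrying the chain
            (PEER, certs),        # Certificate, CertificateVerify, Finished
            (SERVER, 30),         # close_notify (commitment)
            (PEER, 0)]            # empty response; then EAP-Success


def compare(eap_mtu: int, cert_compression: float = 1.0) -> dict:
    """Round trips for the four exchanges at a given EAP payload limit."""
    return {
        "1.2 full": round_trips(eap_tls_12(False), eap_mtu),
        "1.3 full": round_trips(eap_tls_13(False, cert_compression=cert_compression), eap_mtu),
        "1.2 resumption": round_trips(eap_tls_12(True), eap_mtu),
        "1.3 resumption": round_trips(eap_tls_13(True), eap_mtu),
    }


if __name__ == "__main__":
    # 1400: assumed EAP-TLS payload on a 1500-byte MTU link; 8900: assumed payload on 9K frames.
    for label, mtu, ratio in [("1500 MTU, raw X.509", 1400, 1.0),
                              ("1500 MTU, compressed certs (ratio 0.5)", 1400, 0.5),
                              ("9K frames, no fragmentation", 8900, 1.0)]:
        print(label, compare(mtu, ratio))
```

On these constructed inputs the model reproduces the two points made in the post: with 9K frames nothing fragments, the full handshakes tie at three round trips and EAP-TLS 1.3 resumption costs one more than EAP-TLS 1.2 because of the close_notify request; with a 1500-byte MTU and a 4.5 KB chain in each direction, both full handshakes fragment to nine round trips, and halving the chain on the 1.3 side brings it down to five. Change CHAIN, FLIGHT_OVERHEAD or the compression ratio to test other deployments.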