Just a note on NAI realm. 2.1.3 says:

   For example, the NAI @realm can safely be reused since it does not
   provide any specific information to associate a user's resumption
   attempt with the original full handshake. However, reusing the NAI
   P2ZIM2F+OEVAO21nNWg2bVpgNnU=@realm enables an on-path attacker to
   associate a resumption attempt with the original full handshake. The
   TLS PSK identity is typically derived by the TLS implementation and
   may be an opaque blob without a routable realm. The TLS PSK identity
   is therefore in general unsuitable for deriving a NAI to use in the
   Identity Response.

This text is good, but could perhaps be clearer. It's not obvious where the NAI "P2ZIM2F+OEVAO21nNWg2bVpgNnU=@realm" comes from. The subsequent text referring to the TLS PSK identity is, in fact, unrelated. But having the two subjects next to each other could be misleading, i.e., discuss "P2ZIM2F+OEVAO21nNWg2bVpgNnU=@realm" in the context of an NAI which is secure and hides identities, but is unique and allows tracking. Separately, discuss the TLS PSK identity.

Perhaps it would be good to note that the TLS PSK identity is only used by the TLS layer, and is therefore entirely unrelated to the EAP Response Identity. As such, from the standpoint of layer separation, the TLS PSK identity MUST NOT be used to derive an EAP Response Identity.

It may also be worth noting that, like RFC 7542, this document uses "@realm" as a short-hand for the realm. But also that single-label realm names are forbidden by RFC 7542 Section 2.2.

Alan DeKok.

_______________________________________________
Emu mailing list
https://www.ietf.org/mailman/listinfo/emu
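The two points in the message above, that "@realm" is unlinkable while a per-user NAI lets an on-path observer tie a resumption to the earlier full handshake, and that RFC 7542 Section 2.2 rejects a single-label realm, can be checked mechanically. The following is an added example written for this page; it is not code from the draft, from any EAP/TLS implementation, or from the author of the message. It assumes an ASCII-only subset of the RFC 7542 grammar (the RFC also allows UTF-8 characters, omitted here), uses "example.com" as a stand-in for the draft's "@realm" short-hand, and the observed sessions are constructed sample data, not captured traffic.

```python
import re

# ASCII-only approximation of the NAI grammar in RFC 7542 Section 2.2.
# The RFC also permits UTF-8 characters in usernames and realm labels;
# they are left out here (an assumption of this example, not a statement
# about the RFC).
_ATEXT = r"[A-Za-z0-9!#$%&'*+\-/=?^_`{|}~]+"
_USERNAME_RE = re.compile(rf"^{_ATEXT}(?:\.{_ATEXT})*$")
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
# utf8-realm = 1*( label "." ) label: a realm needs at least two labels,
# so the bare short-hand "realm" is rejected by this check.
_REALM_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")


def is_valid_realm(realm: str) -> bool:
    """True iff realm has at least two labels (single-label realms are forbidden)."""
    return _REALM_RE.fullmatch(realm) is not None


def parse_nai(nai: str):
    """Split an NAI into (username, realm); realm is None for a username-only NAI.

    Raises ValueError for anything the ASCII subset of the RFC 7542 grammar
    would not accept, including a single-label realm.
    """
    username, sep, realm = nai.partition("@")
    if not sep:
        realm = None
    elif not is_valid_realm(realm):
        raise ValueError(f"invalid realm {realm!r}: needs at least two labels")
    if username and _USERNAME_RE.fullmatch(username) is None:
        raise ValueError(f"invalid username {username!r}")
    if not username and realm is None:
        raise ValueError("empty NAI")
    return username, realm


def is_valid_nai(nai: str) -> bool:
    try:
        parse_nai(nai)
    except ValueError:
        return False
    return True


def anonymous_nai(realm: str) -> str:
    """The privacy-preserving Identity Response form: empty username, realm only."""
    if not is_valid_realm(realm):
        raise ValueError(f"invalid realm {realm!r}")
    return "@" + realm


def classify(nai: str) -> str:
    """'anonymous' (@realm), 'unique' (user@realm) or 'no-realm' (username only)."""
    username, realm = parse_nai(nai)
    if realm is None:
        return "no-realm"
    return "anonymous" if username == "" else "unique"


def linkable_sessions(observations):
    """What an on-path observer learns from a series of EAP Identity Responses.

    observations: iterable of (session_id, nai). Returns {nai: [session_ids]}
    for every non-anonymous NAI seen in more than one session, i.e. sessions
    (such as a full handshake and a later resumption) that the observer can
    associate with each other from the identity alone.
    """
    seen = {}
    for session_id, nai in observations:
        try:
            kind = classify(nai)
        except ValueError:
            continue  # not an NAI at all; nothing to correlate on here
        if kind == "anonymous":
            continue  # "@realm" is shared by every user of that realm
        seen.setdefault(nai, []).append(session_id)
    return {nai: ids for nai, ids in seen.items() if len(ids) > 1}


# Constructed sample traffic (not captured data): one peer reusing a
# per-user NAI across a full handshake and a resumption, another reusing
# the anonymous NAI of the same realm.
OBSERVED = [
    ("session-1", "P2ZIM2F+OEVAO21nNWg2bVpgNnU=@example.com"),  # full handshake
    ("session-2", "P2ZIM2F+OEVAO21nNWg2bVpgNnU=@example.com"),  # resumption
    ("session-3", "@example.com"),                               # full handshake
    ("session-4", "@example.com"),                               # resumption
]

if __name__ == "__main__":
    print(anonymous_nai("example.com"))   # @example.com
    print(is_valid_realm("realm"))        # False: single label
    print(linkable_sessions(OBSERVED))    # only the per-user NAI is linkable
```

Running it shows the asymmetry the message describes: the two sessions that reused the base64-looking per-user NAI are tied together by the identity alone, the two that sent "@example.com" are not, and the literal short-hand "realm" fails the two-label check.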
