draft-ietf-emu-eap-tls13-16 Section 2.1 contains the following text:

   EAP-TLS 1.3 remains backwards compatible with EAP-TLS 1.2 [RFC5216]. TLS version negotiation is handled by the TLS layer, and thus outside of the scope of EAP-TLS. Therefore so long as the underlying TLS implementation correctly implements TLS version negotiation, EAP-TLS will automatically leverage that capability.

I am concerned that this statement is potentially misleading. An implementation of RFC 5216 that negotiates TLS 1.2 and utilizes the key hierarchy defined in RFC 5216 Section 2.3 will not interoperate with an implementation of draft-ietf-emu-tls13-16 that also negotiates TLS 1.2 and utilizes the key hierarchy defined in Section 2.3 of that document. So in what sense is EAP-TLS 1.3 "backwards compatible" with EAP-TLS 1.2? The only way this makes sense to me is if it is stated that draft-ietf-emu-eap-tls13 applies only when TLS 1.3 is negotiated, and that if TLS 1.2, 1.1 or 1.0 is negotiated, then RFC 5216 applies.
_______________________________________________
Emu mailing list
https://www.ietf.org/mailman/listinfo/emu
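
The interoperability point raised in the message above, as an added example that is not part of the original post: two peers that complete the same TLS 1.2 handshake but apply different EAP-TLS key hierarchies end up with different MSKs. Assumptions: the RFC 5216 derivation uses the label "client EAP encryption"; the exporter label "EXPORTER_EAP_TLS_Key_Material" and the Type context 0x0D are taken from the EAP-TLS 1.3 specification as published and are assumed to match draft -16; the cipher suite uses the SHA-256 PRF; all session values are constructed.

```python
import hashlib
import hmac

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (P_SHA256, RFC 5246 Section 5). Assumes a SHA-256 suite."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()             # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def tls12_exporter(ms, c_rand, s_rand, label, context, length):
    """RFC 5705 exporter over a TLS 1.2 session; context=None means 'no context'."""
    seed = c_rand + s_rand
    if context is not None:
        seed += len(context).to_bytes(2, "big") + context
    return tls12_prf(ms, label, seed, length)

def msk_rfc5216(ms, c_rand, s_rand):
    """RFC 5216 Section 2.3: MSK = Key_Material(0, 63)."""
    km = tls12_prf(ms, b"client EAP encryption", c_rand + s_rand, 128)
    return km[:64]

def msk_exporter_hierarchy(ms, c_rand, s_rand):
    """Exporter-based hierarchy (label and Type context are assumptions, see lead-in)."""
    km = tls12_exporter(ms, c_rand, s_rand,
                        b"EXPORTER_EAP_TLS_Key_Material", bytes([0x0D]), 128)
    return km[:64]

# Constructed TLS 1.2 session values, identical on both sides of the handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

def msks_match() -> bool:
    """True only if both hierarchies yield the same MSK for the same session."""
    old = msk_rfc5216(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    new = msk_exporter_hierarchy(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    return hmac.compare_digest(old, new)

if __name__ == "__main__":
    print("MSKs match:", msks_match())
```

The RFC 5216 derivation is equivalent to a context-free exporter with its own label, so the mismatch comes entirely from the changed label and the added context, not from the TLS version negotiated.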
