Hi Alan
some first thoughts
Section 3.1, first bullet point on automation: I would mention "zero
touch". That should be the goal from a user's perspective.
Section 3.1, fifth (sixth) bullet point on mutual exchange of
identities: How is that supposed to work? Don't get me wrong, I
understand the rationale. But that requires a user to understand if the
identity of the server is correct. I don't think that is a safe assumption.
Section 3.1, last bullet point: I agree on the technical rationale.
However, that must be dead simple to verify from a user perspective.
General comment: EAP configuration and implementation is certainly one
issue, but the whole certificate stuff is terrible from a user's point
of view. We could try to solve it in this draft, but it certainly
touches a lot of topics.
Will keep reading...
best regards
Carolin
On 7/12/21 7:57 PM, Alan DeKok wrote:
I've submitted an "EAP usability" document. The title could perhaps
be better.
It gives guidelines, requirements, and practices for making it
easier to use TLS-based EAP methods.
I've asked the chairs for time at the next IETF to discuss this.
Until then, any feedback / comments are welcome.
Begin forwarded message:
From: [email protected]
Subject: New Version Notification for draft-dekok-emu-eap-usability-00.txt
Date: July 12, 2021 at 1:55:58 PM EDT
To: "Alan DeKok" <[email protected]>
A new version of I-D, draft-dekok-emu-eap-usability-00.txt
has been successfully submitted by Alan DeKok and posted to the
IETF repository.
Name: draft-dekok-emu-eap-usability
Revision: 00
Title: EAP Usability
Document date: 2021-07-12
Group: Individual Submission
Pages: 58
URL: https://www.ietf.org/archive/id/draft-dekok-emu-eap-usability-00.txt
Status: https://datatracker.ietf.org/doc/draft-dekok-emu-eap-usability/
Htmlized: https://datatracker.ietf.org/doc/html/draft-dekok-emu-eap-usability
Abstract:
This document defines methods which enable simpler deployment of TLS-
based EAP methods. It defines new certificate fields, and uses
existing certificate fields in order to describe new methods for
bootstrapping security. The methods defined here change TLS-based
EAP supplicant configuration from a complex and insecure process to
one that is automated, and is essentially trivial. These methods are
still, however, compatible with existing standards and practices.
The IETF Secretariat
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu