Roman Danyliw has entered the following ballot position for draft-ietf-emu-tls-eap-types-12: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Thank you to Melinda Shore for the SECDIR review.

** Section 2.4

   It is therefore RECOMMENDED that EAP servers always send a TLS
   NewSessionTicket message, even if resumption is not configured. When
   the EAP peer attempts to use the ticket, the EAP server can instead
   request a full authentication. Implementations SHOULD NOT send
   NewSessionTicket messages until the "inner tunnel" authentication
   has completed, in order to take full advantage of the message as a
   protected success indication.

It is my understanding that this SHOULD NOT is based in implementation realities. Can text be added to establish the basis for this not being “MUST NOT”? Please also add cross-references as appropriate into the document on the same topic.

_______________________________________________
Emu mailing list
https://www.ietf.org/mailman/listinfo/emu
