I've submitted a new revision of the TEAPv2 draft. I've added a new section based on discussions at IETF 123.

I'll note that in TEAPv1, we have multiple exchanges where the Crypto-Binding TLV is exchanged, but doesn't contain any useful information. e.g. Basic-Password TLV, PKCS#7 TLV, PKCS#10 TLV, etc.

The previous revision of the TEAPv2 draft jumped through hoops trying to tie the inner data to the Crypto-Binding TLV. After some discussion with Russ and others, these steps aren't necessary. Instead, we can exchange some cryptographic binding in the first message from each party. Once that's done, we don't need to exchange the Crypto-Binding TLV in every message. We still know that the TLS tunnel is secure, and the protocol becomes much simpler.

> On Oct 13, 2025, at 9:58 AM, [email protected] wrote:
>
> A new version of Internet-Draft draft-dekok-emu-teapv2-01.txt has been
> successfully submitted by Alan DeKok and posted to the
> IETF repository.
>
> Name: draft-dekok-emu-teapv2
> Revision: 01
> Title: Tunnel Extensible Authentication Protocol (TEAP) Version 2
> Date: 2025-10-13
> Group: Individual Submission
> Pages: 13
> URL: https://www.ietf.org/archive/id/draft-dekok-emu-teapv2-01.txt
> Status: https://datatracker.ietf.org/doc/draft-dekok-emu-teapv2/
> HTML: https://www.ietf.org/archive/id/draft-dekok-emu-teapv2-01.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-dekok-emu-teapv2
> Diff: https://author-tools.ietf.org/iddiff?url2=draft-dekok-emu-teapv2-01
>
> Abstract:
>
> This document defines the Tunnel Extensible Authentication Protocol
> (TEAP) version 2. It addresses a number of security and
> interoperability issues in TEAPv1 which was defined in
> [I-D.ietf-emu-rfc7170bis].
>
> The IETF Secretariat
