Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-12 Thread Alan DeKok
On Sep 12, 2019, at 10:55 AM, John Mattsson wrote: > >> See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we >> *cannot* use PSK for >authentication in EAP-TLS. > > I don't understand why this could not be done. My view is that allowing PSK > authentication would be quite

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-12 Thread John Mattsson
See comments inline -Original Message- From: Alan DeKok Date: Thursday, 12 September 2019 at 15:56 To: Aura Tuomas Cc: EMU WG , "draft-ietf-emu-eap-tl...@ietf.org" Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Resent from: Resent to: John Mattsson , Resent date:

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-12 Thread Alan DeKok
On Sep 12, 2019, at 9:53 AM, Aura Tuomas wrote: > > I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids > PSK authentication. Why is that? See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we *cannot* use PSK for authentication in EAP-TLS. > While

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-12 Thread Aura Tuomas
I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids PSK authentication. Why is that? While there is the EAP-PSK method, I would much rather use EAP-TLS with PSK because it provides identity protection and perfect forward secrecy, unlike EAP-PSK. In fact, I think