On Dec 21, 2017, Alan DeKok wrote:
> The question I have is whether we can do anything to EAP-TLS to address the
> issue. Answering that question requires a deeper dive into TLS.

In TLS 1.3, ECC is mandatory to support. This drastically reduces the sizes of certificates and signatures (public key sizes from 384 bytes (RSA and DHE) to 32 bytes (ECDHE) and signatures from 384 bytes (RSA) to 64 bytes (ECDSA and EdDSA)). Anything for older versions of TLS would have to be pure recommendations or guidance to preserve backward compatibility.

I think we should update the charter to cover guidance on how to handle large certificates and long certificate chains in EAP-TLS with all versions of TLS. This could be handled in the same bullet as “guidance or update to enable the use of TLS 1.3”.

Cheers,
John

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu