[Emu] Secdir last call review of draft-ietf-emu-eap-tls13-11

2020-10-27 Thread Kyle Rose via Datatracker
Reviewer: Kyle Rose Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-27 Thread Hannes Tschofenig
Hi Joe, Thanks for the quick response. [Joe] If the server is offering an expired or revoked certificate then that needs to be remedied on the server. Where do you believe the value of OCSP comes into the picture for this EAP-TLS use case and what actions need to be taken when a notification

Re: [Emu] Proposed Resolution to TEAP Errata 5770

2020-10-27 Thread Joseph Salowey
On Tue, Oct 27, 2020 at 12:23 AM Eliot Lear wrote: > Hi, > > > > > [Joe] Yes I think it is fine to say EAP authentication method. I have > been convinced that the spec requires crypto-binding with the basic > password authentication. I'll need to add this in. > > > > Keep in mind that there

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-27 Thread Joseph Salowey
On Tue, Oct 27, 2020 at 11:27 AM Hannes Tschofenig < hannes.tschofe...@arm.com> wrote: > Hi Joe, > > > > a few remarks below. > > > > > > On Fri, Oct 23, 2020 at 12:38 AM Hannes Tschofenig < > hannes.tschofe...@arm.com> wrote: > > Hi Joe, > > > > I do not understand certificate revocation

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-27 Thread Hannes Tschofenig
Hi Joe, a few remarks below. On Fri, Oct 23, 2020 at 12:38 AM Hannes Tschofenig <hannes.tschofe...@arm.com> wrote: Hi Joe, I do not understand certificate revocation checking is a topic specific to the use of TLS 1.3 in EAP-TLS. [Joe] TLS 1.3 discusses OCSP and (SCT). OCSP stapling

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-27 Thread Joseph Salowey
On Fri, Oct 23, 2020 at 12:38 AM Hannes Tschofenig < hannes.tschofe...@arm.com> wrote: > Hi Joe, > > > > I do not understand certificate revocation checking is a topic specific to > the use of TLS 1.3 in EAP-TLS. > > > [Joe] TLS 1.3 discusses OCSP and (SCT). OCSP stapling is a revocation

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-27 Thread Hannes Tschofenig
Hi Alan, > However, in the absence of another specification, we need to say *something* > for EAP-TLS. Why doesn't the group write that other document? There are several other EAP methods that use certificates as well. >> Wouldn’t this be a topic to address in ? IMHO >> this would make

Re: [Emu] Proposed Resolution to TEAP Errata 5770

2020-10-27 Thread Eliot Lear
Hi, > > [Joe] Yes I think it is fine to say EAP authentication method. I have been > convinced that the spec requires crypto-binding with the basic password > authentication. I'll need to add this in. > Keep in mind that there might not even be basic auth. One case is that one just