On Jan 28, 2021, at 9:44 AM, John Mattsson wrote:
>
>> Hi,
>>
>> I am not very happy with adding an additional dummy roundtrip to the 5G
>> certificate authentication.
Dummy round trips are bad, unless they serve a purpose. The question here is
likely not "what's best" but "what's the
Hi,
I am not very happy with adding an additional dummy roundtrip to the 5G
certificate authentication. Fragmentation and slow databases can be optimized
away (short chains, small certs, 4K or 9K frames) but a mandatory extra
roundtrip stays forever.
Without fragmentation, EAP-TLS 1.3 is now
On Jan 27, 2021, at 3:25 PM, Joseph Salowey wrote:
> [Joe] It seems that resumption would help in the case that large certificates
> cause multiple round trips. Do you have an idea of how widespread resumption
> use is in current EAP-TLS implementations?
It's common. Perhaps not
On Wed, Jan 27, 2021 at 7:17 AM Alan DeKok
wrote:
> On Jan 27, 2021, at 10:09 AM, John Mattsson 40ericsson@dmarc.ietf.org> wrote:
> >
> > Looking at the GitHub version after the latest changes. I don't think
> the tradeoffs make sense anymore.
> >
> > - Full handshake is now 4.5 round-trips
On Jan 27, 2021, at 10:09 AM, John Mattsson
wrote:
>
> Looking at the GitHub version after the latest changes. I don't think the
> tradeoffs make sense anymore.
>
> - Full handshake is now 4.5 round-trips
Does that account for large / long certificate chains?
> - Resumption is now 4.5
Hi,
Looking at the GitHub version after the latest changes. I don't think the
tradeoffs make sense anymore.
- Full handshake is now 4.5 round-trips
- Resumption is now 4.5 round-trips.
This does not seem like a good tradeoff or optimization at all. If we instead
skipped Resumption, the full