Hi,

The draft "Using EAP-TLS with TLS 1.3" (draft-ietf-emu-eap-tls13-03) specifies 
the use of EAP-TLS with TLS 1.3:

https://tools.ietf.org/html/draft-ietf-emu-eap-tls13
https://github.com/emu-wg/draft-ietf-emu-eap-tls13

In Bangkok the EMU WG decided to analyse if some of the known attacks on TLS 
have relevance for EAP-TLS and if draft-ietf-emu-eap-tls13 should have some 
short security considerations on how to configure EAP-TLS to mitigate attacks 
when it is used with earlier versions of TLS (1.0, 1.1, 1.2).

My understanding is that most of the attacks on TLS (e.g. the ones listed in 
RFC 7457) are less serious for EAP-TLS as EAP-TLS only uses the TLS handshake 
and does not protect any application data. I am currently planning to reference 
RFC 7525 and RFC 7457. Are there any other documents that are relevant to 
reference and are there any specific attacks that should be highlighted?

I am thankful for any help or input.

Cheers,
John

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
