I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids PSK
authentication. Why is that? While there is the EAP-PSK method, I would much
rather use EAP-TLS with PSK because it provides identity protection and perfect
forward secrecy, unlike EAP-PSK.
In fact, I think EAP-TLS
On Sep 12, 2019, at 9:53 AM, Aura Tuomas wrote:
>
> I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids
> PSK authentication. Why is that?
See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we
*cannot* use PSK for authentication in EAP-TLS.
> While
See comments inline
-Original Message-
From: Alan DeKok
Date: Thursday, 12 September 2019 at 15:56
To: Aura Tuomas
Cc: EMU WG , "draft-ietf-emu-eap-tl...@ietf.org"
Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
Resent from:
Resent to: John Mattsson ,
Resent date: Thu
On Sep 12, 2019, at 10:55 AM, John Mattsson wrote:
>
>> See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we
>> *cannot* use PSK for >authentication in EAP-TLS.
>
> I don't understand why this could not be done. My view is that allowing PSK
> authentication would be quite