Hi,
I think the idea of a new TLS extension to make TLS 1.3 and EAP-TLS interact
better is a very promising idea. This would probably take some time to get
specified and implemented so it is probably a future
optimization/simplification rather than something EAP-TLS 1.3 should wait for.
An
Hi Bernard,
I (re-)read the papers you sent.
- "Extensible Authentication Protocol Vulnerabilities and Improvements"
This paper talks about attacks on availability by spoofing messages. It looks into
a small number of ways in which spoofed messages cause the TLS connection to
fail,
I think the major decision for the EMU WG to make going forward is to agree if
EAP-TLS 1.3 MUST have an alternative success indication. RFC 5216 does not
discuss the EAP state machine at all, but in TLS 1.2 the server finished can be
used as an alternative success indication.
close_notify
On Thu, Feb 4, 2021 at 12:57 AM John Mattsson
wrote:
> Hi,
>
> I think the idea of a new TLS extension to make TLS 1.3 and EAP-TLS
> interact better is a very promising idea. This would probably take some
> time to get specified and implemented so it is probably a future
>
From: Eric Rescorla
Date: Thursday, 4 February 2021 at 15:32
To: John Mattsson
Cc: EMU WG, Benjamin Kaduk, "t...@ietf.org"
Subject: Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on
draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)
On Thu, Feb 4, 2021 at 6:29 AM Eric Rescorla wrote:
>
>
> On Thu, Feb 4, 2021 at 12:57 AM John Mattsson
> wrote:
>
>> Hi,
>>
>> I think the idea of a new TLS extension to make TLS 1.3 and EAP-TLS
>> interact better is a very promising idea. This would probably take some
>> time to get
Based on John's email [1] and a few other discussions I've had offline I'm
proposing the following series of consensus calls to find a path forward:
1. Consensus on requiring result indicators using a 4.5 roundtrip
protocol. I think this is a conservative approach that could move forward
John said:
"The keying material becomes available in the EAP-TLS server after the
server Finished has been sent. The keying material becomes available
in the EAP-TLS peer after the server Finished has been received."
[BA] There is a distinction between when keys are available on the EAP
Hi Bernard,
802.11 is a very important use case for EAP-TLS so if an authenticated
alternate success indication is needed there, it absolutely needs to be
supported by EAP-TLS 1.3
I updated the EAP state machine chapter based on your comments.