Re: [Emu] [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

2021-02-04 Thread John Mattsson
Hi, I think the idea of a new TLS extension to make TLS 1.3 and EAP-TLS interact better is a very promising idea. This would probably take some time to get specified and implemented so it is probably a future optimization/simplification rather than something EAP-TLS 1.3 should wait for. An

Re: [Emu] Underspecification of EAP-TLS 1.3 State Machine

2021-02-04 Thread John Mattsson
Hi Bernard, I (re-)read the papers you sent. - "Extensible Authentication Protocol Vulnerabilities and Improvements" This paper talks about attacks on availability by spoofing messages. It looks into a small number of ways where spoofed messages cause the TLS connection to fail,

Re: [Emu] Underspecification of EAP-TLS 1.3 State Machine

2021-02-04 Thread John Mattsson
I think the major decision for the EMU WG to make going forward is to agree if EAP-TLS 1.3 MUST have an alternative success indication. RFC 5216 does not discuss the EAP state machine at all, but in TLS 1.2 the server finished can be used as an alternative success indication. close_notify

Re: [Emu] [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

2021-02-04 Thread Eric Rescorla
On Thu, Feb 4, 2021 at 12:57 AM John Mattsson wrote:
> Hi,
>
> I think the idea of a new TLS extension to make TLS 1.3 and EAP-TLS
> interact better is a very promising idea. This would probably take some
> time to get specified and implemented so it is probably a future

Re: [Emu] [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

2021-02-04 Thread John Mattsson
From: Eric Rescorla
Date: Thursday, 4 February 2021 at 15:32
To: John Mattsson
Cc: EMU WG, Benjamin Kaduk, "t...@ietf.org"
Subject: Re: [TLS] [Emu] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)
On Thu, Feb 4, 2021 at 6:29 AM Eric Rescorla

Re: [Emu] [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

2021-02-04 Thread Eric Rescorla
On Thu, Feb 4, 2021 at 6:29 AM Eric Rescorla wrote:
> On Thu, Feb 4, 2021 at 12:57 AM John Mattsson wrote:
>> Hi,
>>
>> I think the idea of a new TLS extension to make TLS 1.3 and EAP-TLS
>> interact better is a very promising idea. This would probably take some
>> time to get

[Emu] Way Forward for EAP-TLS 1.3

2021-02-04 Thread Joseph Salowey
Based on John's email [1] and a few other discussions I've had offline I'm proposing the following series of consensus calls to find a path forward: 1. Consensus on requiring result indicators using a 4.5 roundtrip protocol. I think this is a conservative approach that could move forward

Re: [Emu] Underspecification of EAP-TLS 1.3 State Machine

2021-02-04 Thread Bernard Aboba
John said: "The keying material becomes available in the EAP-TLS server after the server Finished has been sent. The keying material becomes available in the EAP-TLS peer after the server Finished has been received." [BA] There is a distinction between when keys are available on the EAP

Re: [Emu] Underspecification of EAP-TLS 1.3 State Machine

2021-02-04 Thread John Mattsson
Hi Bernard, 802.11 is a very important use case for EAP-TLS so if an authenticated alternate success indication is needed there, it absolutely needs to be supported by EAP-TLS 1.3. I updated the EAP state machine chapter based on your comments.