Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-11 Thread Joseph Salowey
On Mon, Nov 11, 2019 at 11:41 AM Alan DeKok wrote: > On Nov 11, 2019, at 12:52 PM, Owen Friel (ofriel) > wrote: > > > > [ofriel] Is the primary reason they MUST NOT be copied because of > encoding differences? UTF-8 vs. TLS raw bytes? > > Yes. EAP Identities are UTF-8 encoded strings.

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-11 Thread Alan DeKok
On Nov 11, 2019, at 12:52 PM, Owen Friel (ofriel) wrote: > > [ofriel] Is the primary reason they MUST NOT be copied because of encoding > differences? UTF-8 vs. TLS raw bytes? Yes. EAP Identities are UTF-8 encoded strings. Non-compliant identities will likely result in the packet being

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-11 Thread Owen Friel (ofriel)
> -Original Message- > From: Emu On Behalf Of Alan DeKok > Sent: 08 November 2019 12:43 > To: Joseph Salowey > Cc: EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 > > On Nov 7, 2019, at 11:08 PM, Joseph Salowey wr

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-11 Thread Owen Friel (ofriel)
> -Original Message- > From: Alan DeKok > Sent: 07 November 2019 17:48 > To: Owen Friel (ofriel) > Cc: Joseph Salowey ; draft-ietf-emu-eap-tl...@ietf.org; > John Mattsson ; Michael > Richardson ; EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-08 Thread Alan DeKok
On Nov 7, 2019, at 11:08 PM, Joseph Salowey wrote: > [Joe] How about > "If an implementation supports an external PSK it MUST provide a way to > configure the realm so it can create an Anonymous NAI to send in the > EAP-Identity response. An EAP-TLS 1.3 implementation MUST NOT copy the >

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-07 Thread Alan DeKok
On Nov 7, 2019, at 12:30 PM, Owen Friel (ofriel) wrote: > [ofriel] TLS1.3 explicitly does not allow both PSK and certs simultaneously. > draft-ietf-tls-tls13-cert-with-extern-psk does, but that’s Experimental. I > don't think TLS with extern PSK is really intended for Web/Browser HTTPS >

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-07 Thread Owen Friel (ofriel)
> -Original Message- > From: Emu On Behalf Of Joseph Salowey > Sent: 31 October 2019 04:45 > To: Alan DeKok > Cc: draft-ietf-emu-eap-tl...@ietf.org; John Mattsson > ; Michael Richardson > ; EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls1

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-04 Thread Alan DeKok
After checking the draft again, Section 2.1.4 does have comments about anonymizing the NAI. But those comments are limited to NAIs derived from certificates. I think that the text needs to be expanded to make the recommendations more generic, and clearer. I hope that my previous message

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-03 Thread Joseph Salowey
On Fri, Nov 1, 2019 at 4:08 AM Alan DeKok wrote: > On Nov 1, 2019, at 6:15 AM, John Mattsson > wrote: > > I strongly support working group adoption of > draft-dekok-emu-tls-eap-types. Can we make sure to get this document going, > I agree that this is a very needed draft. I think it should

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-01 Thread Eliot Lear
Hi! > On 1 Nov 2019, at 13:05, Alan DeKok wrote: > > On Nov 1, 2019, at 7:53 AM, Eliot Lear wrote: >> >>> The EAP Identity used in resumption SHOULD be the same EAP Identity as was >>> used during the original authentication. This requirement allows EAP >>> packets to be routable through an

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-01 Thread Alan DeKok
On Nov 1, 2019, at 7:53 AM, Eliot Lear wrote: > >> The EAP Identity used in resumption SHOULD be the same EAP Identity as was >> used during the original authentication. This requirement allows EAP packets >> to be routable through an AAA infrastructure to the same destination as the >>

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-01 Thread Eliot Lear
Thanks, Alan. Please see below. > On 1 Nov 2019, at 12:08, Alan DeKok wrote: > > On Nov 1, 2019, at 6:15 AM, John Mattsson wrote: >> I strongly support working group adoption of draft-dekok-emu-tls-eap-types. >> Can we make sure to get this document going, I agree that this is a very >>

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-11-01 Thread Alan DeKok
On Nov 1, 2019, at 6:15 AM, John Mattsson wrote: > I strongly support working group adoption of draft-dekok-emu-tls-eap-types. > Can we make sure to get this document going, I agree that this is a very > needed draft. I think it should include updates for everything people want > to use. I do

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-30 Thread Joseph Salowey
On Wed, Oct 30, 2019 at 4:12 AM Alan DeKok wrote: > On Oct 30, 2019, at 5:02 AM, Eliot Lear wrote: > > A fair argument, if it can be made, and I am not convinced it has been > fully expressed, is the idea that there is no context by which one can > separate fast restart and initial

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-30 Thread Joseph Salowey
> To: Eliot Lear > Cc: draft-ietf-emu-eap-tl...@ietf.org; John Mattsson 40ericsson@dmarc.ietf.org>; Michael Richardson ; > EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 > > On Oct 30, 2019, at 5:02 AM, Eliot Lear wrote: > > A fair argument,

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-30 Thread Jorge Vergara
--Original Message- From: Emu On Behalf Of Alan DeKok Sent: Wednesday, October 30, 2019 4:12 AM To: Eliot Lear Cc: draft-ietf-emu-eap-tl...@ietf.org; John Mattsson ; Michael Richardson ; EMU WG Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 On Oct 30, 2019, at 5:02 AM,

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-30 Thread Alan DeKok
On Oct 30, 2019, at 5:02 AM, Eliot Lear wrote: > A fair argument, if it can be made, and I am not convinced it has been fully > expressed, is the idea that there is no context by which one can separate > fast restart and initial authentication. This is Alan’s concern. I’m not > saying it’s

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-30 Thread Eliot Lear
> On 30 Oct 2019, at 06:22, Joseph Salowey wrote: > > > > On Fri, Oct 11, 2019 at 7:34 AM Eliot Lear > wrote: > > > > On 11 Oct 2019, at 16:09, Michael Richardson > > wrote: > > > > So, can wired just be a degenerate version of wifi, where

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-29 Thread Joseph Salowey
On Fri, Oct 11, 2019 at 7:34 AM Eliot Lear wrote: > > > > On 11 Oct 2019, at 16:09, Michael Richardson wrote: > > > > So, can wired just be a degenerate version of wifi, where there can be > only > > one "ESSID", and there are no beacons to consider? > > > On the whole that has been my thought.

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-11 Thread Eliot Lear
> On 11 Oct 2019, at 16:09, Michael Richardson wrote: > > So, can wired just be a degenerate version of wifi, where there can be only > one "ESSID", and there are no beacons to consider? On the whole that has been my thought. But it is a matter of which mechanism to degenerate to. Is it

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-11 Thread Michael Richardson
Eliot Lear wrote: >> Eliot Lear wrote: >>> Before we nail this down, it seems like we need to have a discussion >>> about how best to onboard wired IoT devices in particular from an >>> on-prem view. The issue here is that EAP-TLS-PSK is useful for that >>> purpose, as we

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-11 Thread Eliot Lear
> On 11 Oct 2019, at 13:04, Michael Richardson wrote: > > > Eliot Lear wrote: >> Before we nail this down, it seems like we need to have a discussion >> about how best to onboard wired IoT devices in particular from an >> on-prem view. The issue here is that EAP-TLS-PSK is useful for that

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-11 Thread Michael Richardson
Eliot Lear wrote: > Before we nail this down, it seems like we need to have a discussion > about how best to onboard wired IoT devices in particular from an > on-prem view. The issue here is that EAP-TLS-PSK is useful for that > purpose, as we discussed. Now there is nothing

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-11 Thread Mohit Sethi M
I am aware that Openssl has support for external PSK. The Selfie attack was demonstrated using this Openssl implementation: https://eprint.iacr.org/2019/347 However, the github issue you posted is still helpful. If I understand the resolution of this issue: Openssl will first check for a valid

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread John Mattsson
Mohit Sethi M mailto:mohit.m.se...@ericsson.com wrote: > Can you give an example of an existing TLS 1.3 deployment that offers both > resumption PSKs and external PSKs? Don’t know if it is deployed anywhere, but OpenSSL supports resumption of PSK sessions. There was a bug that stopped it from

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Mohit Sethi M
Yes, but I do not see how EAP would differ from any other TLS deployment with external PSK. Can you give an example of an existing TLS 1.3 deployment that offers both resumption PSKs and external PSKs? EAP-TLS would not be different from other TLS deployments with external PSKs. However, so

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Mohit Sethi M
t-ietf-emu-eap-tl...@ietf.org<mailto:draft-ietf-emu-eap-tl...@ietf.org>" mailto:draft-ietf-emu-eap-tl...@ietf.org>>, EMU WG mailto:emu@ietf.org>> Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Resent from: mailto:alias-boun...@ietf.org>> Resent to:

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Owen Friel (ofriel)
From: Emu On Behalf Of John Mattsson Sent: 10 October 2019 09:30 To: Mohit Sethi M ; Eliot Lear Cc: draft-ietf-emu-eap-tl...@ietf.org; John Mattsson ; EMU WG Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Mohit Sethi M mohit.m.se...@ericsson.com<mailto:mohit.m

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Eliot Lear
. My feeling is that adding some >> extension, but not other would be even more confusing. The diagrams are >> there to show the message flows, which have a strong connection to the EAP >> state machine. For other details I think implementors have to read RFC 8466. >>

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread John Mattsson
rnal-psk-importer fills a gap in the TLS 1.3 protocol, but is not a game changer in any way. John From: Mohit Sethi M Date: Thursday, 10 October 2019 at 10:03 To: Eliot Lear , John Mattsson Cc: "draft-ietf-emu-eap-tl...@ietf.org" , John Mattsson , EMU WG Subject: Re: [Emu] POST WGLC Comm

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread John Mattsson
the main specification. From: Mohit Sethi M Date: Thursday, 10 October 2019 at 09:55 To: John Mattsson , Eliot Lear , Joseph Salowey Cc: John Mattsson , "draft-ietf-emu-eap-tl...@ietf.org" , EMU WG Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Hi, Speaking pure

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Mohit Sethi M
Cc: John Mattsson mailto:john.mattsson=40ericsson@dmarc.ietf.org>>, "draft-ietf-emu-eap-tl...@ietf.org<mailto:draft-ietf-emu-eap-tl...@ietf.org>" mailto:draft-ietf-emu-eap-tl...@ietf.org>>, EMU WG mailto:emu@ietf.org>> Subject: Re: [Emu] POST WGLC Comments dra

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Mohit Sethi M
"draft-ietf-emu-eap-tl...@ietf.org"<mailto:draft-ietf-emu-eap-tl...@ietf.org> <mailto:draft-ietf-emu-eap-tl...@ietf.org>, EMU WG <mailto:emu@ietf.org> Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Resent from: <mailto:alias-boun...@ietf.org> Resent t

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-10 Thread Eliot Lear
a strong connection to the EAP >>> state machine. For other details I think implementors have to read RFC 8466. >>> >>> /John >>> >>> -Original Message- >>> From: Alan DeKok >> <mailto:al...@deployingradius.com>>

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-07 Thread Alan DeKok
On Oct 7, 2019, at 10:55 AM, Eliot Lear wrote: > > If we evolve draft-lear-eap-teap-brski into a more generic TEAP update we > could cover TLS 1.3 there. Given Jouni's experience with implementing TEAP, that may be best. i.e. TEAP cannot be implemented as-is. The spec needs to be updated

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-07 Thread Eliot Lear
> On 7 Oct 2019, at 15:10, Alan DeKok wrote: > > On Oct 7, 2019, at 2:32 AM, John Mattsson > wrote: >> >> Joseph Salowey wrote: >> >>> Is the current published version up to date with the rest of the comments? >> >> Yes, to my knowledge, the current draft handles all the other comments.

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-07 Thread Alan DeKok
On Oct 7, 2019, at 2:32 AM, John Mattsson wrote: > > Joseph Salowey wrote: > >> Is the current published version up to date with the rest of the comments? > > Yes, to my knowledge, the current draft handles all the other comments. If we > decide to leave EAP-TLS PSK discussions for another

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-07 Thread John Mattsson
Joseph Salowey wrote: > Is the current published version up to date with the rest of the comments? Yes, to my knowledge, the current draft handles all the other comments. If we decide to leave EAP-TLS PSK discussions for another draft, I think draft-ietf-emu-eap-tls13-07 is ready to move

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-06 Thread Joseph Salowey
y, 18 September 2019 at 15:21 > To: "draft-ietf-emu-eap-tl...@ietf.org" , > EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 > Resent from: > Resent to: John Mattsson , > Resent date: Wednesday, 18 September 2019 at 15:21 > > Just r

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-19 Thread Alan DeKok
On Sep 19, 2019, at 2:27 AM, Jim Schaad wrote: > > I am going to come down on the side of no PSK should not be supported. > However my issues have nothing to do with how things are implemented and > more to do with the security properties of the EAP method. I'm leaning that way myself. I'm

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-19 Thread Alan DeKok
On Sep 19, 2019, at 6:04 AM, John Mattsson wrote: > > I am starting to come down on the side the EAP-TLS PSK should be specified. > > - I think EAP-PSK should be phased out like all other methods not giving PFS. EAP-TLS using PSK has worse security properties than EAP-PSK, I think. > - The

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-19 Thread Owen Friel (ofriel)
> -Original Message- > From: John Mattsson > Sent: 19 September 2019 11:04 > To: Owen Friel (ofriel) ; Jim Schaad > ; 'Alan DeKok' > Cc: draft-ietf-emu-eap-tl...@ietf.org; 'EMU WG' > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 > >

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-19 Thread John Mattsson
chaad , 'Alan DeKok' Cc: "draft-ietf-emu-eap-tl...@ietf.org" , 'EMU WG' Subject: RE: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Resent from: Resent to: John Mattsson , Resent date: Thursday, 19 September 2019 at 11:17 > -Original Message- > Fro

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-19 Thread Owen Friel (ofriel)
> -Original Message- > From: Jim Schaad > Sent: 19 September 2019 07:28 > To: 'Alan DeKok' ; Owen Friel (ofriel) > > Cc: draft-ietf-emu-eap-tl...@ietf.org; 'EMU WG' > Subject: RE: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 > > I am going to come

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-19 Thread Jim Schaad
can be used. Jim -Original Message- From: Emu On Behalf Of Alan DeKok Sent: Wednesday, September 18, 2019 2:59 PM To: Owen Friel (ofriel) Cc: draft-ietf-emu-eap-tl...@ietf.org; EMU WG Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 On Sep 18, 2019, at 5:42 PM, Owen

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-18 Thread Alan DeKok
On Sep 18, 2019, at 5:42 PM, Owen Friel (ofriel) wrote: > Giving some implementation guidance seems appropriate here. Naively, one > could envisage the implementation simply having a DB table for extern PSKs > and a table that holds NewSessionTickets. An implementation could simply > check the

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-18 Thread Owen Friel (ofriel)
.@ietf.org; EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 > > > > > -Original Message- > > From: Alan DeKok > > Sent: 18 September 2019 14:40 > > To: John Mattsson > > Cc: Owen Friel (ofriel) ; draft-ietf-emu-eap- > >

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-18 Thread Owen Friel (ofriel)
> -Original Message- > From: Alan DeKok > Sent: 18 September 2019 14:40 > To: John Mattsson > Cc: Owen Friel (ofriel) ; draft-ietf-emu-eap- > tl...@ietf.org; EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 > > > > >

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-18 Thread Alan DeKok
> On Sep 18, 2019, at 9:21 AM, John Mattsson wrote: > > If I understand you correctly Alan, your implementation would have different > databases (one resumption DB and one external PSK DB) and you do not want to > do two database lookups. It's more about what *can* be done. RFC 8446

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-18 Thread John Mattsson
, "draft-ietf-emu-eap-tl...@ietf.org" , EMU WG Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 On Sep 18, 2019, at 8:45 AM, Owen Friel (ofriel) wrote: > >> >> Which means that if PSK was allowed, the server can't look at the packets to

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-18 Thread Alan DeKok
Just re-reading the text on PSK, I noticed a few things. The text in Section 2.1.2 talks about PSK, the session ticket, and a "key_share" extension. The accompanying diagram doesn't include any of those. I suggest updating the diagram to include them. As a related note, if the PSK *is*

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-18 Thread Alan DeKok
On Sep 18, 2019, at 8:45 AM, Owen Friel (ofriel) wrote: > >> >> Which means that if PSK was allowed, the server can't look at the packets to >> distinguish resumption from "raw" PSK. Instead, the server has to look at >> its >> resumption cache which may be in a DB. > > The server can use

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-18 Thread Owen Friel (ofriel)
> -Original Message- > From: Emu On Behalf Of Alan DeKok > Sent: 12 September 2019 16:28 > To: John Mattsson > Cc: draft-ietf-emu-eap-tl...@ietf.org; EMU WG > Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 > > On Sep 12, 2019, at 10:55 AM

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-12 Thread Alan DeKok
On Sep 12, 2019, at 10:55 AM, John Mattsson wrote: > >> See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we >> *cannot* use PSK for >authentication in EAP-TLS. > > I don't understand why this could not be done. My view is that allowing PSK > authentication would be quite

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-12 Thread John Mattsson
See comments inline -Original Message- From: Alan DeKok Date: Thursday, 12 September 2019 at 15:56 To: Aura Tuomas Cc: EMU WG , "draft-ietf-emu-eap-tl...@ietf.org" Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13 Resent from: Resent to: John Mattsson , R

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-12 Thread Alan DeKok
On Sep 12, 2019, at 9:53 AM, Aura Tuomas wrote: > > I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids > PSK authentication. Why is that? See Section 2.1.2. TLS 1.3 uses PSK for resumption. As a result, we *cannot* use PSK for authentication in EAP-TLS. > While

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-09-12 Thread Aura Tuomas
I was looking at the EAP-TLS with TLS 1.3 draft and noticed that it forbids PSK authentication. Why is that? While there is the EAP-PSK method, I would much rather use EAP-TLS with PSK because it provides identity protection and perfect forward secrecy, unlike EAP-PSK. In fact, I think

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-08-06 Thread Alan DeKok
On Aug 3, 2019, at 5:53 PM, Jim Schaad wrote: > > In section 5.7 - I am not sure why one could not re-check for revocation > when doing a resumption, I would expect that this is only server side that > would do it but the current paragraph two outlaws it. I think it's best to *always* apply