Re: [Emu] WG Last Call for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17)

2021-07-08 Thread Alan DeKok
On Jul 8, 2021, at 12:42 PM, Joseph Salowey wrote: > > I created PR that I think captures these suggestions and another editorial > fix - https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pull/87 I think it looks good. Alan DeKok. ___ Emu

Re: [Emu] WG Last Call for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17)

2021-07-08 Thread Joseph Salowey
I created PR that I think captures these suggestions and another editorial fix - https://github.com/emu-wg/draft-ietf-emu-eap-tls13/pull/87 Cheers, Joe On Thu, Jul 8, 2021 at 9:36 AM Oleg Pekar wrote: > > > On Thu, Jul 8, 2021 at 8:31 AM Mohit Sethi M > wrote: > >> Hi Oleg, Joe, all, >> On

Re: [Emu] WG Last Call for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17)

2021-07-08 Thread Oleg Pekar
On Thu, Jul 8, 2021 at 8:31 AM Mohit Sethi M wrote: > Hi Oleg, Joe, all, > On 7/8/21 8:06 AM, Joseph Salowey wrote: > > > > On Tue, Jul 6, 2021 at 10:08 PM Joseph Salowey wrote: > >> >> >> On Mon, Jun 28, 2021 at 8:11 AM Oleg Pekar >> wrote: >> >>> I still see unclearness in Section "2.2.

Re: [Emu] WG Last Call for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17)

2021-07-08 Thread Joseph Salowey
On Thu, Jul 8, 2021 at 6:11 AM Alan DeKok wrote: > On Jul 8, 2021, at 2:52 AM, tom.ri...@securew2.com wrote: > > Maybe this has been discussed already, but we often see the need for > multiple root cas when people are migrating the root CA of their RADIUS > server. They would then configure both

Re: [Emu] WG Last Call for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17)

2021-07-08 Thread Alan DeKok
On Jul 8, 2021, at 2:52 AM, tom.ri...@securew2.com wrote: > Maybe this has been discussed already, but we often see the need for multiple > root cas when people are migrating the root CA of their RADIUS server. They > would then configure both the old and new Root CA in the client to allow >

Re: [Emu] WG Last Call for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17)

2021-07-08 Thread tom.rixom
for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17) Hi Oleg, Joe, all, On 7/8/21 8:06 AM, Joseph Salowey wrote: On Tue, Jul 6, 2021 at 10:08 PM Joseph Salowey mailto:j...@salowey.net> > wrote: On Mon, Jun 28, 2021 at 8:11 AM Oleg Pekar mailto:oleg.pekar.2...@gmail.com

Re: [Emu] WG Last Call for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17)

2021-07-07 Thread Mohit Sethi M
Hi Oleg, Joe, all, On 7/8/21 8:06 AM, Joseph Salowey wrote: On Tue, Jul 6, 2021 at 10:08 PM Joseph Salowey mailto:j...@salowey.net>> wrote: On Mon, Jun 28, 2021 at 8:11 AM Oleg Pekar mailto:oleg.pekar.2...@gmail.com>> wrote: I still see unclearness in Section "2.2. Identity Verification",

Re: [Emu] WG Last Call for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17)

2021-07-07 Thread Joseph Salowey
On Tue, Jul 6, 2021 at 10:08 PM Joseph Salowey wrote: > > > On Mon, Jun 28, 2021 at 8:11 AM Oleg Pekar > wrote: > >> I still see unclearness in Section "2.2. Identity Verification", I'm >> trying to look from the implementer's perspective. >> >> 1) "Since EAP-TLS deployments may use more than

Re: [Emu] WG Last Call for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17)

2021-07-06 Thread Joseph Salowey
On Mon, Jun 28, 2021 at 8:11 AM Oleg Pekar wrote: > I still see unclearness in Section "2.2. Identity Verification", I'm > trying to look from the implementer's perspective. > > 1) "Since EAP-TLS deployments may use more than one EAP >server, each with a different certificate, EAP peer

Re: [Emu] WG Last Call for Using EAP-TLS with TLS 1.3 (draft-ietf-emu-eap-tls13-17)

2021-06-28 Thread Oleg Pekar
I still see unclearness in Section "2.2. Identity Verification", I'm trying to look from the implementer's perspective. 1) "Since EAP-TLS deployments may use more than one EAP server, each with a different certificate, EAP peer implementations SHOULD allow for the configuration of a unique