On Thu, 27 Jul 2023 at 23:39, Behcet Sarikaya <sarikaya2...@gmail.com>
wrote:

> +1 to Heikki.
>
> I think the use of AAA, in particular EAP for IoT is simply not practical,
> thanks to Heikki for making this specific.
> It could be theoretically beautiful though :)
>

That was not my intention :)  I wouldn't say that EAP for IoT is
impractical, rather that there are many EAP methods and some are likely
more suitable for constrained devices, and links, than the others. For
example EAP-TLSv1.3 with certificates that encode ECC public keys, and
without CA certificates sent over EAP, would provide both EAP peer identity
hiding and shorter messages than what's traditionally used (TLSv1.2 or
earlier with full CA chains).

EAP-pwd was also mentioned and while it doesn't provide EAP peer identity
hiding, it authenticates with 4 short request-response pairs (1 for EAP
Identity and 3 for EAP-pwd itself).

-- 
Heikki Vatiainen
h...@radiatorsoftware.com
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
