The big question is "Why not create a new EAP method?" The overall intent seems to be to create a pre-shared key EAP method optimized for 5G, based on EAP-TLS v1.3.

Since the protocol described will not interoperate with any of the existing 2+ billion EAP-TLS devices, why reuse the EAP-TLS code point or EAP-TLS name? What has been described is an entirely distinct authentication method, not a "clarification" to an existing specification.

In fact, from how it has been described, it would appear that the new protocol is only for use with new devices supporting 5G and new 5G servers supporting the new method. In which case, if the new method is not for general use on the Internet, why can't 3GPP just define the method themselves and allocate their own private EAP type code?

On Thu, Nov 16, 2017 at 4:02 AM, Jari Arkko <jari.ar...@piuha.net> wrote:

> I don’t want to push the decision in either direction without looking into
> the details.
>
> But I wanted to point out that there’s usually a third alternative between
> “no need for new documents” and “need a new RFC to describe the new
> version”. Explaining that the old protocol can be used and what the
> implications are may by itself be a useful document. In the specific
> example, it is not immediately obvious to me for instance if the security
> consideration would somehow change, or if 0-RTT can or can not be used, etc.
>
> Jari
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu