I think it would be perhaps useful to take some sort of reset on this thread :-) I think there are at least three groups of people talking past each other, and making assumptions that may not be correct.
While this isn’t really a topic that I’m driving, let me make a first cut at doing that reset. But I may not be correct either, feel free to suggest a better description of where the world is. But this is what I am seeing: 1. First, I don’t think I’ve seen any demand for any special pre-shared key EAP TLS version (from 3GPP or otherwise). From what I understand, if 3GPP wants to use EAP-TLS, they’d do it mostly for the certificates. 2. EAP-TLS continues to be important in the world, with lots of deployment, and potentially more coming down the line. 3. Anything we do should ensure installed base continues to work. 4. Documenting what the implications of using TLS 1.3 in EAP-TLS are seems useful advice. I don’t know how trivial this is, but at least there should be some security implications. 5. If there’s any need to profile algorithms or TLS versions or anything like that for any use case, it should be taken separately. And perhaps that’s something that any individual deployment can just do on their own. Jari P.S. I took Kathleen’s advice from earlier in this thread and start reducing the number of lists this discussion is copied on. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
