On Dec 21, 2017, at 8:40 AM, Jari Arkko <jari.ar...@piuha.net> wrote: > > I’ve been thinking of what to do with the EAP work that got discussed both in > the SAAG meeting last time (my drafts), as well on the list. The latter was > more on the EAP-TLS side, and it seems that the discussion has converged to a > reasonable direction recently. > > Wondering how we could get the work moving forward. The first thought that > came to my mind was to start a small working group. Thoughts? A very drafty > idea of what it would do is below. Comments appreciated.
The Session ID also needs to be defined for SIM and AKA, as per Jouni's comments. That doesn't fit in with AKA' changes. It may also be worth re-examining EAP-TLS. Modern certificates are getting large, and people are using longer certificate chains. The result can be that initial EAP-TLS authentication takes many packets. This has issues not just for latency, but also access point implementations. Most implementations will drop an EAP session if it hasn't finished after 40-50 packets. I've seen people run into this issue with large certificates and long certificate chains. It would be good to find a way to allow this use-case. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
