> The Session ID also needs to be defined for SIM and AKA, as per Jouni's 
> comments.  That doesn't fit in with AKA' changes.

Yeah, I was thinking about that but didn’t go far enough. But you’re right. 
Maybe this needs to be a separate item for EAP-SIM.

> It may also be worth re-examining EAP-TLS.  Modern certificates are getting 
> large, and people are using longer certificate chains.  The result can be 
> that initial EAP-TLS authentication takes many packets.  This has issues not 
> just for latency, but also access point implementations.  Most 
> implementations will drop an EAP session if it hasn't finished after 40-50 
> packets.
> 
> I've seen people run into this issue with large certificates and long 
> certificate chains.  It would be good to find a way to allow this use-case.

That’s interesting.

Do you have any suggestions on what to do about this issue, or were you 
thinking about just stating that implementations should not stop that early in 
the exchange?

Jari

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
