On Dec 21, 2017, at 9:07 AM, Jari Arkko <jari.ar...@piuha.net> wrote: > >> I've seen people run into this issue with large certificates and long >> certificate chains. It would be good to find a way to allow this use-case. > > That’s interesting. > > Do you have any suggestions on what to do about this issue, or were you > thinking about just stating that implementations should not stop that early > in the exchange?
I think it's good for implementations to have limits on the number of packets being exchanged. 40-50 is even a reasonable limit. The question I have is whether we can do anything to EAP-TLS to address the issue. Answering that question requires a deeper dive into TLS. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
