Section 2.1.1 says:

  As stated in [RFC5216], the TLS cipher suite shall not be used to protect application data. This applies also for early application data. When EAP-TLS is used with TLS 1.3, early application data SHALL NOT be used.

I can't find any such statement in RFC 5216. So where does this requirement come from?

In contrast, RFC 8446 Section 2 says:

  ... Once the handshake is complete, the peers use the established keys to protect the application-layer traffic.

Which makes sense.

My question here is whether the draft needs to be updated to be clearer. Either that, or the text in the draft would seem to forbid other TLS-based EAP methods from sending application data...

Perhaps the draft means that the application data should not be protected using the same traffic keys that protect the handshake, as defined in [RFC8446] Section 7.3.

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu