Hi Alan

> Alan DeKok <al...@deployingradius.com> wrote:
>
>> The mentioned requirement comes from Section 2.4 of RFC 5216, which states
>> that:
>>
>> "Since the ciphersuite negotiated within EAP-TLS applies only to the EAP
>> conversation, TLS ciphersuite negotiation MUST NOT be used to negotiate the
>> ciphersuites used to secure data."
>>
>> However, I do not really understand why such a requirement would be needed.
>
> I'm not even sure what that phrase means. Secure *what* data?
>
> The only data in question is the EAP conversation. Which is what the cipher
> suite negotiation protects.
>
>> For instance, QUIC uses the TLS 1.3 handshake ciphersuite negotiation to
>> negotiate the algorithms used in QUIC. If this is a problem, we should
>> discuss if any updates are needed.
>
> I would expect that TLS negotiates cipher suites, and then uses those suites
> to exchange application data. Which is what we need here for other EAP
> types. And which is what I believe is what we already have.
>
> My $0.02 would be to figure out what that phrase in RFC 5216 means.

Sounds like a plan.

> I suspect it *doesn't* mean that TLS 1.3 can be used to negotiate the
> handshake, but then application data shouldn't be protected by TLS?
>
> That doesn't make sense...

If we cannot come up with a good reason to have the requirement, I think we
should consider removing it in draft-ietf-emu-eap-tls13.
draft-ietf-emu-eap-tls13 already has a whole paragraph just trying to
motivate why the use of an empty application data record does not violate
this RFC 5216 requirement, and as you say, it gives the idea that other
TLS-based EAP methods like TTLS / FAST / PEAP / TEAP are doing something bad.

> I'll also note that RFC 5216 Section 2.4 mentions mandatory to implement
> ciphers, and this draft doesn't. It might be worth adding that, or adding a
> note referencing an appropriate section of RFC 8446.

draft-ietf-emu-eap-tls13-03 has the following paragraph in Section 2.4:

OLD:

"When EAP-TLS is used with TLS version 1.3 or higher, the EAP-TLS peers and
servers MUST comply with the requirements for the TLS version used. For TLS
1.3 the compliance requirements are defined in Section 9 of [RFC8446]."

Section 9 of RFC 8446 lists mandatory-to-implement cipher suites, signature
algorithms, key exchange algorithms, and extensions. We could add some
additional text to draft-ietf-emu-eap-tls13 to clarify that the compliance
requirements include cipher suites.

NEW:

"When EAP-TLS is used with TLS version 1.3 or higher, the EAP-TLS peers and
servers MUST comply with the compliance requirements (cipher suites,
signature algorithms, key exchange algorithms, extensions, etc.) for the TLS
version used. For TLS 1.3 the compliance requirements are defined in Section
9 of [RFC8446]."

Cheers,
John
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
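The proposed NEW text ties EAP-TLS compliance to the mandatory-to-implement list in Section 9 of RFC 8446. Below is an added example (not from the thread, the draft, or any EAP implementation) of how an operator could check the cipher-suite part of that requirement against a TLS 1.3 server configuration. It audits a cipher list in the shape returned by Python's ssl.SSLContext.get_ciphers() against the RFC 8446 Section 9.1 cipher-suite requirements (TLS_AES_128_GCM_SHA256 MUST; TLS_AES_256_GCM_SHA384 and TLS_CHACHA20_POLY1305_SHA256 SHOULD). The function names, the constructed sample configuration and the assumption of an OpenSSL 1.1.1+ build for the live-context path are mine; the Section 9 signature-algorithm and key-exchange-group requirements are not inspectable through the ssl module and are deliberately out of scope.

```python
import ssl

# RFC 8446 Section 9.1 cipher-suite requirements for a TLS 1.3 implementation.
# (Its MTI signature algorithms and key-exchange groups are not exposed by
# Python's ssl module, so only cipher suites are audited here.)
MTI_MUST = {"TLS_AES_128_GCM_SHA256"}
MTI_SHOULD = {"TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"}


def audit_tls13_suites(ciphers):
    """Audit a cipher list shaped like SSLContext.get_ciphers() output:
    a list of dicts carrying at least 'name' and 'protocol'.

    Only entries whose protocol is TLSv1.3 count; TLS 1.2 suites in the same
    list do not satisfy a TLS 1.3 requirement. 'compliant' is True when every
    MUST suite is offered; missing SHOULD suites are reported but do not fail.
    """
    tls13 = {c["name"] for c in ciphers if c.get("protocol") == "TLSv1.3"}
    missing_must = sorted(MTI_MUST - tls13)
    missing_should = sorted(MTI_SHOULD - tls13)
    return {
        "tls13_suites": sorted(tls13),
        "missing_must": missing_must,
        "missing_should": missing_should,
        "compliant": not missing_must,
    }


def make_eap_tls_server_context(certfile=None, keyfile=None):
    """Hypothetical helper: a server-side context restricted to TLS 1.3, as an
    EAP-TLS server using TLS 1.3 would configure. Loading a certificate is
    optional so the cipher list can be audited without key material."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def audit_context(ctx):
    """Run the audit over what a live SSLContext actually offers."""
    return audit_tls13_suites(ctx.get_ciphers())


# Constructed sample (not a real deployment): a configuration where the
# operator narrowed TLS 1.3 to AES-256-GCM only, i.e. the MUST suite was
# disabled, while a TLS 1.2 suite with a similar name is still present.
CONSTRUCTED_NARROW_CONFIG = [
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"},
]

if __name__ == "__main__":
    print("constructed narrow config:", audit_tls13_suites(CONSTRUCTED_NARROW_CONFIG))
    print("this host's TLS 1.3 server context:",
          audit_context(make_eap_tls_server_context()))
```

The constructed configuration is reported as non-compliant with TLS_AES_128_GCM_SHA256 missing, even though an AES-128-GCM suite is present for TLS 1.2, which is exactly the distinction the NEW wording makes: the requirements are those of the TLS version actually in use.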