This question isn't directly applicable to EAP-TLS, but it is related. There are multiple EAP methods that use TLS, and presumably all of them will enable session resumption. The question is, what do we do with cross-method session resumption?
i.e. a user starts with EAP-TLS, and then tries to "resume" his session, but this time uses TTLS.

It's not clear that anything in the spec forbids or prevents this. It's not clear if this resumption is an issue, but it should be highlighted.

The issue is made more difficult by the fact that session resumption is usually done at the TLS layer. This means there is minimal ability for the EAP layer to cross-check method types.

If we do allow it, it should be called out explicitly in the EAP-TLS document. If we don't allow it, we should find a way to forbid it.

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
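
One way the EAP layer could forbid the cross-method resumption raised in the message above, as an added example that is not part of the original post and not taken from any EAP implementation: the server records the EAP type beside each cached TLS session and forces a full handshake when a resumption arrives under a different method. The class, method names and session IDs are hypothetical; the EAP type numbers are the IANA-assigned values.

```python
import time
from dataclasses import dataclass

# IANA-assigned EAP method type numbers.
EAP_TLS, EAP_TTLS, PEAP = 13, 21, 25


@dataclass
class CachedSession:
    eap_type: int      # method that ran the original full handshake
    identity: str      # identity authenticated by that handshake
    expires_at: float


class ResumptionCache:
    """Hypothetical EAP-layer store kept beside the TLS session cache."""

    def __init__(self, lifetime=3600.0, clock=time.time):
        self._lifetime = lifetime
        self._clock = clock
        self._sessions = {}

    def store(self, session_id, eap_type, identity):
        """Record the method type after a successful full handshake."""
        expires = self._clock() + self._lifetime
        self._sessions[session_id] = CachedSession(eap_type, identity, expires)

    def check_resume(self, session_id, eap_type):
        """Return (decision, detail); decision is 'resume' or 'full-handshake'."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return "full-handshake", "unknown session"
        if entry.expires_at <= self._clock():
            del self._sessions[session_id]
            return "full-handshake", "expired"
        if entry.eap_type != eap_type:
            # Cross-method attempt. Dropping the entry is a design choice of
            # this sketch, so the same session cannot be retried elsewhere.
            del self._sessions[session_id]
            detail = f"cached under EAP type {entry.eap_type}, offered under {eap_type}"
            return "full-handshake", detail
        return "resume", entry.identity
```

The check only works if the TLS library exposes the session ID (or ticket contents) to the EAP layer before resumption is accepted, which is the limitation the message points out.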