I think this is a very good discussion to have. Any problems with peer authentication would (at least in theory) affect pure EAP-TLS as well. RFC 5216 states that:

RFC 5216: "While the EAP server SHOULD require peer authentication, this is not mandatory, since there are circumstances in which peer authentication will not be needed (e.g., emergency services, as described in [UNAUTH]), or where the peer will authenticate via some other means."

So even for EAP-TLS to EAP-TLS resumption, the EAP/TLS server needs to store information about if the peer/client was authenticated or not. If client authentication was done, I assume the EAP/TLS server stores information about who the peer was, or?

/John

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu