On Feb 1, 2019, at 7:20 AM, John Mattsson <john.matts...@ericsson.com> wrote: > If we cannot come up with a good reason to have the requirement, I think we > should consider removing it in draft-ietf-emu-eap-tls13. > draft-ietf-emu-eap-tls13 already has a whole paragraph just trying to > motivate why the use of an empty application data record does not violate > this RFC 5216 requirement, and as you say, it gives the idea that other > TLS-based EAP methods like TTLS / FAST / PEAP / TEAP is doing somebody bad.
I agree, thanks. >> I'll also note that RC 5216 Section 2.4 mentions mandatory to implement >> ciphers, and this draft doesn't. It might be worth adding that, or adding a >> note referencing an appropriate section of RFC 8446. > > draft-ietf-emu-eap-tls13-03 has the following paragraph in Section 2.4: > > OLD:"When EAP-TLS is used with TLS version 1.3 or higher, the EAP-TLS > peers and servers MUST comply with the requirements for the TLS > version used. For TLS 1.3 the compliance requirements are defined in > Section 9 of [RFC8446]." > > Section 9 of RFC8446 list mandatory-to-implement cipher suites, signature > algorithms, key exchange algorithms, and extensions. We could add some > additional text be added draft-ietf-emu-eap-tls13 to clarify that the > compliance requirements include cipher suites. > > NEW: "When EAP-TLS is used with TLS version 1.3 or higher, the EAP-TLS peers > and servers MUST comply with the compliance requirements (cipher suites, > signature algorithms, key exchange algorithms, extensions, etc.) for the TLS > version used. For TLS 1.3 the compliance requirements are defined in Section > 9 of [RFC8446]." Looks good, thanks. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
