Hi, As there was no objections, I made the following changes to the GitHub version that will appear in draft-ietf-emu-eap-tls13-04
Section 2.1.1 OLD: As stated in [RFC5216], the TLS cipher suite shall not be used to protect application data. This applies also for early application data. When EAP-TLS is used with TLS 1.3, early application data SHALL NOT be used. NEW: TLS 1.3 introduces early application data; early application data SHALL NOT be used with EAP-TLS. Section 2.4 ADDED: While EAP-TLS does not protect any application data, the negotiated cipher suites and algorithms MAY be used to secure data as done in other TLS-based EAP methods. Section 2.5 DELETED: Note that the use of an empty application data record does not violate the requirement that the TLS cipher suite shall not be used to protect application data, as the application data is the empty string, no application data is protected. Cheers, John _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
