Changes in version -04 are:

- Borrow the term privacy-friendly identities from RFC5448bis. Updated the figures to use this term as well.
- Added figure describing the case of EAP-TLS without peer authentication (like e.g. emergency services)
- Added the text "Unfragmented messages MAY have the L bit set..." from EAP-TTLS as suggested by Oleg
- Added that "Unauthenticated information SHALL NOT be used for accounting purposes or to give authorization."
- Added Type-Code to key derivation as suggested by Alan
- Described how to derive MSK, EMSK etc. (no change from 5216) as suggested by Alan
- Added notes on length parameter and other TLS based EAP methods as suggested by Alan
- Removed 5216 requirement that negotiated cipher suite cannot be used to protect data
- OCSP stapling MUST be supported and MUST be used.
- Added Authorization and Revocation consideration as suggested by Alan. Based on text from Alan.
- Expanded privacy considerations.
- Added short section on discovered vulnerabilities in old versions of TLS
- Some reformulations and clarifications
Cheers,
John

-----Original Message-----
From: "internet-dra...@ietf.org" <internet-dra...@ietf.org>
Date: Monday, 11 March 2019 at 22:06
To: Mohit Sethi <mo...@piuha.net>, John Mattsson <john.matts...@ericsson.com>
Subject: New Version Notification for draft-ietf-emu-eap-tls13-04.txt

A new version of I-D, draft-ietf-emu-eap-tls13-04.txt
has been successfully submitted by John Mattsson and posted to the
IETF repository.

Name:           draft-ietf-emu-eap-tls13
Revision:       04
Title:          Using EAP-TLS with TLS 1.3
Document date:  2019-03-11
Group:          emu
Pages:          28
URL:            https://www.ietf.org/internet-drafts/draft-ietf-emu-eap-tls13-04.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/
Htmlized:       https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-04
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-04

Abstract:
   This document specifies the use of EAP-TLS with TLS 1.3 while
   remaining backwards compatible with existing implementations of
   EAP-TLS. TLS 1.3 provides significantly improved security, privacy,
   and reduced latency when compared to earlier versions of TLS. EAP-TLS
   with TLS 1.3 further improves security and privacy by mandating use
   of privacy and revocation checking. This document updates RFC 5216.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
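Two of the listed changes concern keying: adding the EAP Type-Code to the key derivation, and spelling out how MSK and EMSK are obtained (unchanged from RFC 5216, which takes MSK as the first 64 octets and EMSK as the next 64 octets of 128 octets of Key_Material). The following is an added worked example, not text or code from the draft or from this list message. It implements the RFC 8446 TLS 1.3 exporter (HKDF-Expand-Label, Derive-Secret, TLS-Exporter) and feeds the EAP-TLS Type-Code (13, the IANA EAP method type for EAP-TLS) in as the exporter context, so that a different TLS-based EAP method running over the same TLS session gets different keys. The exporter label string and the exporter_master_secret value are constructed placeholders for this example and are assumptions, not the draft's own label.

```python
"""Deriving EAP-TLS MSK/EMSK from a TLS 1.3 exporter (added example).

Exporter construction follows RFC 8446 sections 7.1 and 7.5 exactly; the
MSK/EMSK split follows RFC 5216. The exporter label and sample secret are
placeholders constructed for this example.
"""
import hashlib
import hmac

HASH = hashlib.sha256          # hash of the negotiated TLS 1.3 cipher suite
HASH_LEN = HASH().digest_size  # 32 octets for SHA-256

EAP_TLS_TYPE_CODE = bytes([13])  # EAP-TLS method type (RFC 5216), one octet


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out = b""
    block = b""
    counter = 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446 section 7.1).

    HkdfLabel = uint16 length
             || opaque label<7..255>   = "tls13 " + Label
             || opaque context<0..255> = Context
    """
    full_label = b"tls13 " + label
    hkdf_label = (
        length.to_bytes(2, "big")
        + bytes([len(full_label)]) + full_label
        + bytes([len(context)]) + context
    )
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    """Derive-Secret(Secret, Label, Messages) (RFC 8446 section 7.1)."""
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)


def tls_exporter(exporter_master_secret: bytes, label: bytes,
                 context: bytes, length: int) -> bytes:
    """TLS-Exporter (RFC 8446 section 7.5):

    HKDF-Expand-Label(Derive-Secret(Secret, label, ""),
                      "exporter", Hash(context_value), key_length)
    """
    derived = derive_secret(exporter_master_secret, label, b"")
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)


def derive_eap_tls_keys(exporter_master_secret: bytes,
                        type_code: bytes = EAP_TLS_TYPE_CODE) -> dict:
    """Return MSK and EMSK for an EAP-TLS session over TLS 1.3.

    128 octets of Key_Material come from the exporter with the EAP Type-Code
    as context; MSK is octets 0..63 and EMSK octets 64..127 (RFC 5216 split).
    The label below is a placeholder chosen for this example (assumption).
    """
    key_material = tls_exporter(
        exporter_master_secret,
        b"EXAMPLE_EAP_TLS_Key_Material",  # placeholder label, not the draft's
        type_code,
        128,
    )
    return {"MSK": key_material[:64], "EMSK": key_material[64:128]}


if __name__ == "__main__":
    # Constructed sample secret; a real one comes from the TLS 1.3 key schedule.
    sample_secret = hashlib.sha256(b"constructed exporter_master_secret").digest()
    keys = derive_eap_tls_keys(sample_secret)
    print("MSK :", keys["MSK"].hex())
    print("EMSK:", keys["EMSK"].hex())
```

Binding the Type-Code into the exporter context is what gives each TLS-based EAP method its own keys from an otherwise identical handshake; the example exposes that by showing that the same exporter secret with a different one-octet Type-Code produces unrelated MSK and EMSK values.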