On Mar 25, 2019, at 5:36 AM, John Mattsson <john.matts...@ericsson.com> wrote:
>
> https://tools.ietf.org/html/draft-sy-tls-resumption-group
>
> This document will be discussed today in the TLS WG 11.20 - 12.20. Might be
> interesting for the discussion on cross method resumption for TLS-based EAP
> methods.

I took a quick look. It is related. It addresses a problem people have been ignoring in EAP-TLS implementations. :(

i.e. high load systems sometimes require multiple servers for load-balancing. Right now, the common practice is to just copy the server certificate to each machine. That works, but it's imperfect.

This draft would allow each server to have its own certificate, while still allowing resumption across different servers.

It may be worth discussing the issues EMU has been having, too. e.g. There's nothing *in principle* that prevents a client from authenticating via EAP-TLS, and then using that TLS data to "resume" an HTTPS connection. That may be surprising to people.

Alan DeKok.