Hi Russ,

You can listen here: https://youtu.be/YJLG4JUftqI?t=1144

We plan to support it in EAP-TLS-PSK instead: https://tools.ietf.org/html/draft-mattsson-emu-eap-tls-psk-00. We have already added a reference to draft-ietf-tls-tls13-cert-with-extern-psk and plan to use it. I think using an external PSK anyway requires ironing out some issues like what is the relationship between NAI and the PSK identity? And do we allow user-configured PSK identities/PSKs etc.?

Would it be reasonable if we specify the usage of draft-ietf-tls-tls13-cert-with-extern-psk in EAP-TLS-PSK instead?

--Mohit

On 3/10/20 6:30 PM, Russ Housley wrote:
> I do not understand the reason for Bernard's objection. I looked at the
> minutes, and I do not find any rationale there. Can you help?
>
> Russ
>
>
>> On Mar 9, 2020, at 5:59 AM, John Mattsson <john.matts...@ericsson.com> wrote:
>>
>> Hi Russ,
>>
>> Sorry for the late reply. I actually brought up your draft
>> [ID-ietf-tls-tls13-cert-with-extern-psk] during my EMU presentation at IETF
>> 106 as something that should probably be in EAP-TLS. Bernard Aboba then
>> expressed a very strong opinion that
>> [ID-ietf-tls-tls13-cert-with-extern-psk] should absolutely not be included
>> in the EAP-TLS Type-Code 0x0D. After this the WG decided as a way forward to
>> specify EAP-TLS with PSK authentication in a new draft.
>>
>> Given these strong opinions from Bernard Aboba, and the wish to publish
>> draft-ietf-emu-eap-tls13 soon, I think the best way forward would be to specify
>> the use of [ID-ietf-tls-tls13-cert-with-extern-psk] in the same new draft as
>> EAP-TLS with PSK authentication. Does that sound like an acceptable way
>> forward?
>>
>> Cheers,
>> John
>>
>> -----Original Message-----
>> From: Russ Housley <hous...@vigilsec.com>
>> Date: Monday, 13 January 2020 at 18:29
>> To: John Mattsson <john.matts...@ericsson.com>
>> Cc: EMU WG <emu@ietf.org>
>> Subject: Late WGLC Comment on draft-ietf-emu-eap-tls13
>>
>> John:
>>
>> Section 2.1.1 says:
>>
>>    Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>    for resumption.
>>
>> I would rather this say:
>>
>>    Pre-Shared Key (PSK) authentication SHALL NOT be used except
>>    for resumption or in conjunction with the "tls_cert_with_extern_psk"
>>    extension [ID-ietf-tls-tls13-cert-with-extern-psk].
>>
>> Russ
>>
>>
>>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu