This may be a stupid question, but I can’t find an explanation in the draft or figure it out myself... If the intended application for this TLS extension is network access, might it be simpler to define a new EAP method that used a similar key exchange? That would avoid touching implementations of TLS and those EAP methods using the extension.
Josh

From: Dan Harkins
Sent: 22 July 2020 21:59
To: emu
Subject: [Emu] TLS-pok for EAP

Hello,

Owen and I have a new draft out to introduce a new authentication mechanism using out-of-band trust establishment (ala the DPP protocol) into TLS for use with a TLS-based EAP method like TEAP or EAP-TLS. This would enable zero touch provisioning for wired devices using the same bootstrapping methods that DPP uses for wireless.

I'm on the agenda for Friday to do a brief presentation. Here's a link to the draft if you're interested:

https://datatracker.ietf.org/doc/draft-friel-tls-eap-dpp/

regards,

Dan.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu