On Jan 27, 2021, at 10:09 AM, John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote:
>
> Looking at the GitHub version after the latest changes. I don't think the
> tradeoffs make sense anymore.
>
> - Full handshake is now 4.5 round-trips

Does that account for large / long certificate chains?

> - Resumption is now 4.5 round-trips.
>
> This does not seem like a good tradeoff or optimization at all. If we instead
> skipped Resumption, the full handshake could as far as I understand always be
> done in 3.5 round-trips. This would cut a large amount of complexity from the
> draft and implementations and make the protocol much faster.

That sounds good. But how would this affect other TLS-based EAP methods? They send data inside of the tunnel, which adds round trips. So perhaps resumption is useful there?

It would likely be problematic if EAP-TLS doesn't support resumption, but TTLS / PEAP / etc. required it.

And of course, this ignores the timeliness of the changes. I suspect that silence from the WG means that consensus is "we can afford to wait another year for EAP-TLS to be finished".

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu