On Wed, Jan 27, 2021 at 7:17 AM Alan DeKok <al...@deployingradius.com> wrote:
> On Jan 27, 2021, at 10:09 AM, John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote:
> >
> > Looking at the GitHub version after the latest changes. I don't think the tradeoffs make sense anymore.
> >
> > - Full handshake is now 4.5 round-trips
>
> Does that account for large / long certificate chains?
>
> > - Resumption is now 4.5 round-trips.
> >
> > This does not seem like a good tradeoff or optimization at all. If we instead skipped Resumption, the full handshake could as far as I understand always be done in 3.5 round-trips. This would cut a large amount of complexity from the draft and implementations and make the protocol much faster.
>
> That sounds good. But how would this affect other TLS-based EAP methods? They send data inside of the tunnel, which adds round trips. So perhaps resumption is useful there?
>
> It would likely be problematic if EAP-TLS doesn't support resumption, but TTLS / PEAP / etc. required it.

[Joe] It seems that resumption would help in the case that large certificates cause multiple round trips. Do you have an idea of how widespread resumption use is in current EAP-TLS implementations? It's likely that TEAP implementations would use resumption, however they handle commitment in a different way.

> And of course, this ignores the timeliness of the changes. I suspect that silence from the WG means that consensus is "we can afford to wait another year for EAP-TLS to be finished".
>
> Alan DeKok.
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu