Hi Alan,

I'll second the thanks for putting this together; I think it covers the
important open points.

I did belatedly remember one more thing that is perhaps not critical, but
would also be good to get an answer for:

On Fri, Jan 29, 2021 at 03:00:51PM -0500, Alan DeKok wrote:
[...]
> 
> DISCUSS: other than word-smithing the above points, are there serious 
> objections to the behaviour documented in -13?  i.e. does the IETF want to 
> recommend that EAP-TLS alpha testing begins *now*, or should it wait until 
> 2022?

I think that an exchange between Martin and Mohit raised the question of
whether the EAP server-id and peer-id would be available for use in the
'context' argument of the TLS Exporter, as that would help strengthen the
binding between keys and the authentication exchange.
I do recall a mention that WolfSSL doesn't support a context argument for
the exporter, but I don't know how prohibitive that limitation would be in
practice.

-Ben

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
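
The binding asked about above, as an added example that is not part of the original message or of the draft: a TLS 1.3 exporter (RFC 8446, section 7.5) computed with and without the two identities in its context argument. The SHA-256 hash, the label, the identity strings, the length-prefixed context encoding and the exporter master secret are all constructed assumptions for illustration.

```python
import hashlib, hmac, struct

HASH = hashlib.sha256  # assumption: the negotiated cipher suite uses SHA-256

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand from RFC 5869."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label from RFC 8446, section 7.1."""
    full = b"tls13 " + label
    info = (struct.pack("!H", length) + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def tls13_exporter(exporter_master_secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """TLS-Exporter(label, context_value, key_length) from RFC 8446, section 7.5."""
    derived = hkdf_expand_label(exporter_master_secret, label, HASH(b"").digest(), HASH().digest_size)
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)

def identity_context(server_id: bytes, peer_id: bytes) -> bytes:
    """Hypothetical encoding: length-prefix each identity so the pair is unambiguous."""
    return b"".join(struct.pack("!H", len(x)) + x for x in (server_id, peer_id))

# Constructed sample values; a real exporter master secret comes from the TLS handshake.
EMS = bytes(range(32))
LABEL = b"EXPORTER_example_label"

def demo():
    """Export 64 bytes bound to two different peer identities, and with an empty context."""
    bound = tls13_exporter(EMS, LABEL, identity_context(b"server.example", b"alice@example"), 64)
    other = tls13_exporter(EMS, LABEL, identity_context(b"server.example", b"bob@example"), 64)
    unbound = tls13_exporter(EMS, LABEL, b"", 64)
    return bound, other, unbound

if __name__ == "__main__":
    for name, key in zip(("bound", "other", "unbound"), demo()):
        print(name, key.hex())
```

With the same handshake secret, each identity pair yields unrelated key material, so both sides derive matching keys only if they agree on the identities; an empty context gives keys that carry no such binding.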
