On Feb 2, 2021, at 4:16 PM, John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote:
>
> Alan DeKok wrote:
>
>> The diagram suggests that it's possible for the EAP-TLS server to separate
>> the "TLS Finished" messages from the "NewSessionTicket" message. There is
>> no guidance as to how this is done. After spending some time going through
>> RFC 8446 and OpenSSL docs / code, it's not clear that this separation can
>> be enforced by the application.
>
> John: It is impossible to not separate them when client authentication is
> used.

  If this is enforced by the TLS layer, then that's good.

> The only time it is possible to send them together is when there is no client
> authentication. The message flows are just examples of how a TLS 1.3 message
> flow might look. In Figure 8: EAP-TLS without peer authentication, the
> TLS implementation may send NewSessionTicket together with server Finished,
> as explained in RFC 8446. Future extensions might also change things. I don't
> think the draft can or should explain all the corner cases of TLS 1.3.

  I think the draft can, and should, explain how the corner cases of TLS 1.3 affect the EAP state machine.  The alternative is an under-specified protocol which is open to attacks.  The protocol has to be correct by design, not by accident.

  Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
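The point John makes above (NewSessionTicket can only share a flight with the server's Finished when there is no client authentication) follows from the TLS 1.3 key schedule, and the model below shows why. This is an added example, not code from the thread, the EAP-TLS draft, or any TLS stack: handshake messages are constructed byte-string placeholders rather than real TLS encodings, the shared secrets are fixed constants, and the client signature is a constructed stand-in for a value only the client's private key could produce. It implements HKDF-Expand-Label, Derive-Secret and the Finished verify_data computation from RFC 8446 (sections 7.1 and 4.4.4) and shows that without client authentication the server can compute the client's Finished itself, and hence the resumption_master_secret that a ticket's PSK (section 4.6.1) is derived from, before the client's flight arrives; with client authentication the transcript contains a CertificateVerify the server cannot produce, so the ticket has to wait.

```python
import hashlib
import hmac
import struct

# Added example (not from the thread): models why a TLS 1.3 server can only put
# NewSessionTicket in the same flight as its own Finished when the client is
# not authenticated. Handshake messages and secrets are constructed stand-ins.

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label, RFC 8446 section 7.1 (HkdfLabel = length, label, context)."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def transcript_hash(messages) -> bytes:
    return HASH(b"".join(messages)).digest()


def derive_secret(secret: bytes, label: bytes, messages) -> bytes:
    """Derive-Secret(Secret, Label, Messages), RFC 8446 section 7.1."""
    return hkdf_expand_label(secret, label, transcript_hash(messages), HASH_LEN)


def finished_verify_data(base_key: bytes, messages) -> bytes:
    """verify_data of a Finished message, RFC 8446 section 4.4.4."""
    finished_key = hkdf_expand_label(base_key, b"finished", b"", HASH_LEN)
    return hmac.new(finished_key, transcript_hash(messages), HASH).digest()


# Constructed shared secrets: in a real handshake both sides derive these from
# the key exchange; here they are fixed so the example is deterministic.
MASTER_SECRET = HASH(b"constructed master secret").digest()
CLIENT_HS_TRAFFIC_SECRET = HASH(b"constructed client_handshake_traffic_secret").digest()
# Constructed signature: only the client's private key could produce it, so the
# server cannot predict it before the client's flight arrives.
CLIENT_SIGNATURE = b"sig-by-client-private-key"


def transcript_through_server_finished(client_auth: bool):
    """Constructed placeholders for the messages exchanged so far (names, not TLS encodings)."""
    msgs = [b"ClientHello", b"ServerHello", b"EncryptedExtensions"]
    if client_auth:
        msgs.append(b"CertificateRequest")
    msgs += [b"Certificate(server)", b"CertificateVerify(server)", b"Finished(server)"]
    return msgs


def client_flight(client_auth: bool):
    """Full transcript after the client sends its flight (with cert messages if requested)."""
    msgs = list(transcript_through_server_finished(client_auth))
    if client_auth:
        msgs += [b"Certificate(client)", b"CertificateVerify(client):" + CLIENT_SIGNATURE]
    verify_data = finished_verify_data(CLIENT_HS_TRAFFIC_SECRET, msgs)
    return msgs + [b"Finished(client):" + verify_data]


def client_resumption_master_secret(client_auth: bool) -> bytes:
    """resumption_master_secret as the client computes it after its own Finished."""
    return derive_secret(MASTER_SECRET, b"res master", client_flight(client_auth))


def server_predicted_resumption_master_secret(client_auth: bool):
    """Server's view before the client's flight arrives.

    No client auth: the client's next message is its Finished, which the server
    can compute itself, so the transcript through client Finished is known.
    Client auth: the transcript includes a CertificateVerify the server cannot
    produce, so it must wait (None).
    """
    if client_auth:
        return None
    msgs = transcript_through_server_finished(client_auth=False)
    verify_data = finished_verify_data(CLIENT_HS_TRAFFIC_SECRET, msgs)
    return derive_secret(MASTER_SECRET, b"res master", msgs + [b"Finished(client):" + verify_data])


def ticket_psk(resumption_master_secret: bytes, ticket_nonce: bytes) -> bytes:
    """PSK bound to a NewSessionTicket, RFC 8446 section 4.6.1."""
    return hkdf_expand_label(resumption_master_secret, b"resumption", ticket_nonce, HASH_LEN)


def ticket_can_share_flight_with_server_finished(client_auth: bool) -> bool:
    """True only if a ticket minted before the client's flight matches the client's PSK."""
    predicted = server_predicted_resumption_master_secret(client_auth)
    if predicted is None:
        return False
    actual = client_resumption_master_secret(client_auth)
    return ticket_psk(predicted, b"\x00") == ticket_psk(actual, b"\x00")


if __name__ == "__main__":
    for auth in (False, True):
        print(f"client_auth={auth}: ticket may share the server Finished flight: "
              f"{ticket_can_share_flight_with_server_finished(auth)}")
```

For the EAP state machine this means the separation is a property of the key schedule rather than something an application can toggle: with client authentication the ticket is necessarily in a later flight, and only the no-authentication flow (Figure 8) leaves the TLS implementation free to bundle it with the server's Finished.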