Hi,

Thanks, that is good information. Note that RFC 4137 consists of informative examples of how EAP can be implemented and is not even mentioned in RFC 5216. Given this discussion it feels like RFC 5216 also needs to follow RFC 4137 or do something similar to be secure. RFC 5216 does not say anything about the EAP state machine.

On a high level I think the group needs to decide if the EAP-TLS 1.3 specification should:

a) Have normative state machine text for TLS 1.3 only
b) Have normative state machine text for both TLS 1.2 and 1.3
c) Have informative state machine guidance for TLS 1.3 only
d) Have informative state machine guidance for both TLS 1.2 and 1.3
e) Leave state machine to the implementation just like RFC 5216.

The current assumption has been e). Given that this is important for security, a), b), c), and d) would have been better. TLS 1.3 likely increases the need to specify this. Adding this would however undoubtedly delay the specification.

Cheers,
John

From: Emu <emu-boun...@ietf.org> on behalf of Bernard Aboba <bernard.ab...@gmail.com>
Date: Wednesday, 3 February 2021 at 02:14
To: "j...@salowey.net" <j...@salowey.net>
Cc: EMU WG <emu@ietf.org>
Subject: Re: [Emu] EAP-TLS protected result indications

The discussion largely happened in 802.11 since that was where the vulnerability was discovered (by Bill Arbaugh at UMD). Documentation of the required signals was in RFC 4137, tests on the fixed implementations were done by UMD and subsequent analysis and security proofs were done by the Mitchell group at Stanford.

On Tue, Feb 2, 2021 at 15:53 Joseph Salowey <j...@salowey.net> wrote:

[Joe] Aha, it's coming back to me now and it does seem that implementations do this. Do you know if the implementation requirements were documented anywhere?

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu