On Feb 3, 2021, at 5:26 AM, John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote:
> At the same meeting it was also ruled out to use the Reserved bits in EAP-TLS
> header and to make EAP-Success carry payload. Latency and security were
> discussed a lot with Bernard keeping the security high and Jouni expressing
> on the mailing list before the meeting that he wanted to cut even more
> roundtrips from the message flow.
>
> According to the minutes it seems like Jim suggested the use of application
> data and Eric suggested the interpretation to make this mean no more
> handshake messages. This was added to the draft and everybody was happy with
> that for 2.5 years. While individual persons cannot represent the TLS WG,
> there was a large amount of senior TLS people present and active in the
> discussion.

Does that mean all open issues have been addressed and resolved?

The current suggestion from Eric is to *not* use application data, but to use CloseNotify instead. Does this mean the earlier discussion was wrong, or is the current suggestion wrong?

Are we allowed to dig into reasons *why* we're doing this? I'm a little taken aback at the appeal to authority, and the opinion that the "best way forward" is to just publish a document we don't understand.

I'll also note that you're defending the *process*. You're not defending the *content* of the draft. So do you stand behind it? i.e. do *you* have reasons why this behaviour is necessary?

The above summary from 2.5 years ago discusses *what* was decided. The draft (and the summary) still makes no mention of *why* it's done, or why it's useful.

The purpose of the draft is not to just publish "something". The purpose of the draft is to publish a clear, secure spec for EAP-TLS 1.3. The current discussion does not give me confidence that we're making progress.

Alan DeKok.