On Feb 3, 2021, at 8:32 AM, John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote: > I seriously don't know where you got all of the above from. I only summarized > the earlier discussion. I did not state any opinions.
I'm asking you as author to understand, explain, and defend the draft that you wrote. The issue is *exactly* that you didn't state opinions. > I think the group needs to discuss if -13 or -14 can be a basis for > publishing or if we need substantial changes. The version the working group > wants to publish also needs to pass IESG, that is a fact. The suggestion that > EAP-TLS 1.3 should document detailed interaction with the informal EAP state > machine is very new. Jouni Malinen brought up the question of RFC 4137 2.5 years ago, in the message you referred to recently. This isn't new. > Regarding the EAP/EAP-TLS/TLS 1.3 interaction I don't think there are any > really good short term solution. The chosen mechanism will likely have > significant drawbacks and tradeoffs. Such as? > My personal opinion is that the application data commitment message seems to > be a bit less problematic then close_notify. None of them are an "alternative > success", if that is what is needed, I don't think any of them work. Why? Perhaps the draft could be updated to *explain* these issues? I'm still rather surprised that with open issues, the suggestion was that the "best way forward" was just to publish the draft. It's simply not. > The current objective status (without defending or offending anybody) is that > if the WG cannot agree on adding clarifications and smaller updated to -14, > EAP-TLS 1.3 will likely be significantly delayed. The comments on -14 in the > WG so far is that it should not progress and that decisions need to wait > until IETF 110 hackaton and EMU meeting. Delaying may be the right option, > but the WG should be aware of this. A couple of weeks ago, I understood you > position as moving forward with either version was the most important goal. No. I am never of the opinion that the most important goal is to publish. While timeliness is important, if we don't *understand* what we're publishing, then that is a total show-stopper. We have to hold off publishing "something" until we understand exactly what we're doing. While I mostly like -13, it's not clear to me what, if any, utility the commitment message has. When I ask "what does it do, and why", it's not helpful to answer "we added it years ago". If the draft cannot explain the pros and cons of it's choices, then the draft should be updated to do that. If it's not clear *why* content is in the draft, then we should figure it out. That's why I'm asking questions, and why I would very much appreciate answers to those questions. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
