Thanks,

Good to know that RFC 5448 (EAP-AKA’) and aka-pfs have protected result indicators. I missed that RFC 5448 gets this from RFC 4187.

John

-----Original Message-----
From: "jari.ar...@piuha.net" <jari.ar...@piuha.net>
Date: Monday, 8 February 2021 at 18:07
To: John Mattsson <john.matts...@ericsson.com>
Cc: EMU WG <emu@ietf.org>
Subject: Re: [Emu] General EAP discussion of protected alternate indication of success, RFC 4137, and IEEE 802.1X

John,

This may be a side note in the TLS discussion, but just looked at the below list:

> Looking at the other active documents in the EMU WG:
>
> draft-ietf-emu-rfc5448bis
> draft-ietf-emu-aka-pfs
> […]
> None of them has a protected alternate indication of success […]

And it seems to me that RFC 4187 (EAP-AKA) does have protected result indicators (see Section 12.8). RFC 5448 (EAP-AKA’) is a diff to EAP-AKA, and it doesn’t add or remove any of that.

RFC5448bis even has a table (Section 3.5) that shows when AT_RESULT_IND, AT_NOTIFICATION, AT_ENCR_DATA, etc. and EAP-Request/Response/AKA-Notification can be used. That table matches my understanding of RFC 4187 result indicators usage. I also checked an open source implementation and it seemed to be doing these functions.

As for the PFS extension, that shouldn’t remove any of the underlying features either.

(But I could easily have misunderstood or forgotten something. Happy to learn or fix things if so.)

Jari

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu