On 07.10.22 22:46, Alan DeKok wrote:
> On Oct 5, 2022, at 12:44 PM, Eliot Lear <l...@lear.ch> wrote:
>> TL;DR need clarity on how crypto-binding TLVs when there is no inner EAP method. Also note the use of request-action.
>>
>> Key questions: what value to pass for EMSK and MSK in crypto binding response when there is no inner method? Zeros? Also, can the flags indicate that there is no EMSK or MSK? This would solve our first problem.
>
> Both approaches seem reasonable.

Hmm. A 7/10 split! The question: what's the best answer?

>> Finally, are we cool piggybacking Result and Crypto-binding on a PKCS#7 TLV? Flows follow:
>>
>> Use case 1: Device just wants to use TEAP in the same way one would use EAP-TLS. This would be what I would call "normal operations". That is, we would expect something along the following lines:
>
> What additions are there from EAP-TLS? Provisioning?

In this case, there are ZERO additions to EAP-TLS. The behavior is the same. However, the reason the client shouldn't use EAP-TLS is that the server *might* send a request-action TLV, or *might* send a new trust anchor update or some other as-of-yet-to-be-specified TLV.
In the second use case, indeed it's provisioning when the server *does* do one of those things or when the peer itself sends a PKCS#10 TLV.
Eliot
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu