On Thu, 16 Feb 2023 at 21:16, Alan DeKok <al...@deployingradius.com> wrote:
>
> This version addresses all outstanding reviews from the IESG.

The second paragraph of section '6.1. Handling of TLS NewSessionTicket Messages' ends with this sentence where the end of sentence is repeated:

   If the server allows the session to resume without verifying that the user had first been authenticated, the malicious client can then obtain network access without ever being authenticated network access without ever being authenticated.

Regarding the newly added text, it's good that it's now clearly said that TLS session resumption by itself is not sufficient for EAP success. Here's how the above text continues:

   As a result, EAP servers MUST NOT assume that a user has been authenticated simply because a TLS session is being resumed.

Heikki

>
> On Feb 16, 2023, at 2:11 PM, internet-dra...@ietf.org wrote:
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> > This draft is a work item of the EAP Method Update WG of the IETF.
> >
> > Title : TLS-based EAP types and TLS 1.3
> > Author : Alan DeKok
> > Filename : draft-ietf-emu-tls-eap-types-13.txt
> > Pages : 23
> > Date : 2023-02-16
> >
> > Abstract:
> > EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190. Many
> > other EAP types also depend on TLS, such as EAP-FAST (RFC 4851),
> > EAP-TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific
> > EAP methods. This document updates those methods in order to use the
> > new key derivation methods available in TLS 1.3. Additional changes
> > necessitated by TLS 1.3 are also discussed.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/
> >
> > There is also an htmlized version available at:
> > https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-13
> >
> > A diff from the previous version is available at:
> > https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-tls-eap-types-13
> >
> >
> > Internet-Drafts are also available by rsync at
> > rsync.ietf.org::internet-drafts
> >
> >
> > _______________________________________________
> > Emu mailing list
> > Emu@ietf.org
> > https://www.ietf.org/mailman/listinfo/emu

--
Heikki Vatiainen
h...@radiatorsoftware.com
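
Added example, not part of the thread or of the draft: a toy Python model of the rule discussed above, that a resumed TLS session alone must not yield EAP success. It assumes a ticket can be issued before inner authentication completes; `TicketStore`, `SessionState`, `Decision` and their methods are hypothetical names.

```python
# Added illustration; all names here are hypothetical, not from any EAP server.
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    ACCEPT_RESUMPTION = "cached session had completed inner authentication"
    FULL_INNER_AUTH = "TLS resumed, but inner authentication must still run"
    FULL_HANDSHAKE = "unknown ticket: full handshake and inner authentication"


@dataclass
class SessionState:
    identity: Optional[str] = None   # set only after inner auth succeeds
    authenticated: bool = False


class TicketStore:
    def __init__(self):
        self._sessions = {}          # ticket id -> SessionState

    def issue_ticket(self) -> str:
        """Model a NewSessionTicket sent once the TLS handshake is done,
        i.e. (assumption) before any inner authentication has run."""
        ticket = secrets.token_hex(16)
        self._sessions[ticket] = SessionState()
        return ticket

    def mark_authenticated(self, ticket: str, identity: str) -> None:
        """Record that inner authentication finished successfully."""
        state = self._sessions[ticket]
        state.identity = identity
        state.authenticated = True

    def decide_on_resumption(self, ticket: str) -> Decision:
        state = self._sessions.get(ticket)
        if state is None:
            return Decision.FULL_HANDSHAKE
        # A valid ticket proves only that a TLS session once existed.
        # Without this check, a client that dropped the connection right
        # after receiving its ticket would be treated as authenticated.
        if not state.authenticated:
            return Decision.FULL_INNER_AUTH
        return Decision.ACCEPT_RESUMPTION
```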