This revision adds some discussion on client certificates, uses, and 
similarities to EAP-TLS:

* using client certificates in Phase 1 and no authentication or provisioning in 
Phase 2 is permitted

* however, Phase 2 MUST still be used, as the Result TLV (etc.) serve as the 
protected success indication as discussed in RFC 9190

* CAs should validate (somehow) any CSR they receive, to check that the 
contents are reasonable

* once the peer has a certificate, it can use it in TLS sessions outside of the 
TEAP context.  CAs and related systems should be aware of this possibility, and 
find ways to prevent these misuses

  I think that closes out all remaining issues.

> On Jul 10, 2023, at 8:29 AM, internet-dra...@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This Internet-Draft is a work item of the EAP Method Update (EMU)
> WG of the IETF.
> 
>   Title           : Tunnel Extensible Authentication Protocol (TEAP) Version 1
>   Author          : Alan DeKok
>   Filename        : draft-ietf-emu-rfc7170bis-08.txt
>   Pages           : 103
>   Date            : 2023-07-10
> 
> Abstract:
>   This document defines the Tunnel Extensible Authentication Protocol
>   (TEAP) version 1.  TEAP is a tunnel-based EAP method that enables
>   secure communication between a peer and a server by using the
>   Transport Layer Security (TLS) protocol to establish a mutually
>   authenticated tunnel.  Within the tunnel, TLV objects are used to
>   convey authentication-related data between the EAP peer and the EAP
>   server.  This document obsoletes RFC 7170.
> 
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
> 
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-08.html
> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-08
> 
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> 
> 
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
