Regarding resumptions:

>>> If I did run EAP-TLS as an Inner method (whether once or twice), could
>>> I use resumption?
>> Uh... why didn't anyone mention this before? TEAP is a near-endless
>> source of surprises and corner cases.
> I'm not sure it's sane to use EAP-TLS for Inner method myself.
>> My $0.02 is to disallow inner resumption. It makes zero sense. If
>> you want faster authentication, resume the outer session. How about
>> after the added paragraph quoted above: ....
>> In contrast, TEAP implementations SHOULD NOT perform resumption for
>> inner methods. If the user or machine needs to be authenticated, it
>> should use a full authentication method. If the user or machine needs
>> to do resumption, it can perform a full authentication once, and then
>> rely on the outer TLS session for resumption.
> That sounds fine to me.

Since PAC is not used anymore:

In TLS 1.2: the ticket is part of the handshake, so we cannot bind that with the successful inner authentication, correct?

In TLS 1.3: it should be possible to issue a ticket after the handshake, so are we ok with such an approach to perform inner methods resumption?

Is it worth explaining more on that in the document?
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu