Hi Alan, all,

I'm updating https://datatracker.ietf.org/doc/html/draft-ietf-emu-bootstrapped-tls-05#section-4 to use the latest guidelines in https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-arpa-01 and am a bit confused about the username to use.

https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-arpa-01#section-3.3 states:

"The username field MUST be either empty, or hold a fixed string such as "provisioning""

"The username field MUST NOT omitted. That is, "@eap.arpa" is not a valid identifier for the purposes of this specification."

The above two statements appear to contradict each other.

And https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-arpa-01#section-5.3 states:

"It is RECOMMENDED that EAP-NOOB peers use "@noob.eap.arpa" first, and if that does not succeed, use n...@eap-noob.arpa"

even though RFC 9140 defines "n...@eap-noob.arpa", i.e. RFC 9140 defines a username, but emu-eap-arpa recommends peers not use one at first.

So.. for ietf-emu-bootstrapped-tls, which format should the identifier use:

1. No username: @tls-pok-dpp.eap.arpa
2. Username: tls-pok-dpp@ tls-pok-dpp.eap.arpa
3. Anonymous username: anonymous@ tls-pok-dpp.eap.arpa

3 seems forbidden. But I'm not clear from ietf-emu-eap-arpa which of 1 or 2 to use.

Thanks,
Owen

_______________________________________________
Emu mailing list -- emu@ietf.org
To unsubscribe send an email to emu-le...@ietf.org