[Emu] Re: draft-ietf-emu-bootstrapped-tls-06 notes

2024-10-10 Thread Owen Friel (ofriel)
From: Dan Harkins Sent: Sunday, October 6, 2024 4:17 PM To: Owen Friel (ofriel); Heikki Vatiainen; EMU WG Subject: Re: [Emu] draft-ietf-emu-bootstrapped-tls-06 notes Hello, On 10/5/24 10:21 AM, Owen Friel (ofriel) wrote: From: Heikki Vatiainen Sent:

[Emu] Re: draft-ietf-emu-bootstrapped-tls-06 notes

2024-10-06 Thread Dan Harkins
Hello, On 10/5/24 10:21 AM, Owen Friel (ofriel) wrote: From: Heikki Vatiainen Sent: Friday, September 27, 2024 10:33 PM To: EMU WG Subject: [Emu] draft-ietf-emu-bootstrapped-tls-06 notes draft-ietf-emu-bootstrapped-tls-06 is clearly written. I've mainly worked on EAP server side i

[Emu] Re: draft-ietf-emu-bootstrapped-tls-06 notes

2024-10-05 Thread Owen Friel (ofriel)
From: Heikki Vatiainen Sent: Friday, September 27, 2024 10:33 PM To: EMU WG Subject: [Emu] draft-ietf-emu-bootstrapped-tls-06 notes draft-ietf-emu-bootstrapped-tls-06 is clearly written. I've mainly worked on EAP server side implementations and I think the document describes the TLS-POK hand

[Emu] Re: draft-ietf-emu-bootstrapped-tls-06 notes

2024-10-04 Thread Alan DeKok
On Oct 4, 2024, at 4:19 PM, Michael Richardson wrote: > Can you give me an example of foo@ vs bar@ which would both be under > eap.arpa? Different provisioning methods which use the same underlying EAP method. > The I-D mentioned in the subject line is bootstrapped-tls, and it uses > tls-pok-

[Emu] Re: draft-ietf-emu-bootstrapped-tls-06 notes

2024-10-04 Thread Michael Richardson
Alan DeKok wrote: > However, the situation is more difficult if the EAP supplicant signals > an NAI for an EAP method which is supported by the peer, but which > contains a provisioning method which the peer does not support. The > normal EAP NAK signalling allows selection only

[Emu] Re: draft-ietf-emu-bootstrapped-tls-06 notes

2024-10-04 Thread Heikki Vatiainen
On Tue, 1 Oct 2024 at 16:26, Alan DeKok wrote: > Perhaps: > > # EAP Peers > > An EAP session begins with the peer receiving an initial > EAP-Request/Identity message. An EAP peer supporting this > specification MUST examine the identity to see if it uses the eap.arpa > realm. If not, the EA

[Emu] Re: draft-ietf-emu-bootstrapped-tls-06 notes

2024-10-01 Thread Alan DeKok
Perhaps: # EAP Peers An EAP session begins with the peer receiving an initial EAP-Request/Identity message. An EAP peer supporting this specification MUST examine the identity to see if it uses the eap.arpa realm. If not, the EAP peer MUST process the request normally. The EAP peer MUST ch

[Emu] Re: draft-ietf-emu-bootstrapped-tls-06 notes

2024-10-01 Thread Alan DeKok
+1 to all of this. I'll add some notes to the eap.arpa document to raise issues brought up here: * EAP type selection can be done by examining the provisioning NAI * NAKs should be handled specially for provisioning NAIs * There is no method to NAK a particular kind of provisioning. e.g.