I don’t want to push the decision in either direction without looking into the
details.
But I wanted to point out that there’s usually a third alternative between “no
need for new documents” and “need a new RFC to describe the new version”.
Explaining that the old protocol can be used and what
On Nov 16, 2017, at 12:16 AM, Mohit Sethi wrote:
>
> Coming back to our motivation for this draft. 3GPP has decided that
> authentication in 5G can be done with any type of credential that the
> operator accepts and that EAP will be used for authentication. The working
> assumption is that EAP
Alan said:
"That's good. But as Bernard points out, there's no need to change
EAP-TLS. You can just use TLS 1.3."
[BA] Existing implementations enable organizations to impose TLS version
and ciphersuite requirements on *their* devices. For example, I have
worked with organizations that require
Alan said:
" Further, you're free to mandate use of TLS 1.3 in 5G specifications.
They're your specifications, and you're free to ignore IETF requirements if
you so choose."
[BA] There are many organizations who have imposed cryptographic or version
policies on their EAP-TLS implementations. For
