On Thu, 17 Aug 2023, at 23:33, Alan DeKok wrote:
>> If I did run EAP-TLS as an Inner method (whether once or twice), could I use
>> resumption?
>
> Uh... why didn't anyone mention this before? TEAP is a near-endless
> source of surprises and corner cases.
In fairness I think you could have th
On Fri, 18 Aug 2023, at 01:01, Michael Richardson wrote:
> I'm not sure it's sane to use EAP-TLS for Inner method myself.
If you mean in the general sense, I can imagine placing the user credential on
a hardware key whilst the machine credential is either a regular software
keychain or even more
On Aug 20, 2023, at 5:09 AM, Alexander Clouter wrote:
>
> On Thu, 17 Aug 2023, at 23:33, Alan DeKok wrote:
>>> If I did run EAP-TLS as an Inner method (whether once or twice), could I
>>> use resumption?
>>
>> Uh... why didn't anyone mention this before? TEAP is a near-endless
>> source of s
On Aug 20, 2023, at 5:15 AM, Alexander Clouter wrote:
>
> On Fri, 18 Aug 2023, at 01:01, Michael Richardson wrote:
>> I'm not sure it's sane to use EAP-TLS for Inner method myself.
>
> If you mean in the general sense, I can imagine placing the user credential
> on a hardware key whilst the mac
https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-12.html#section-3.5.4
Implementations MUST NOT permit resumption for the inner EAP methods
such as EAP-TLS. If the user or machine needs to be authenticated,
it should use a full authentication method. If the user or machine
needs to do r
On Aug 20, 2023, at 11:01 AM, Vadim Cargatser (vcargats) wrote:
>
> https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-12.html#section-3.5.4
>
> Implementations MUST NOT permit resumption for the inner EAP methods
> such as EAP-TLS. If the user or machine needs to be authenticated,
> i
>>
>> https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-12.html#section-3.5.4
>>
>> Implementations MUST NOT permit resumption for the inner EAP methods
>> such as EAP-TLS. If the user or machine needs to be authenticated,
>> it should use a full authentication method. If the user or mach
On Sat, 19 Aug 2023 at 00:26, Michael Richardson wrote:
> Heikki Vatiainen wrote:
> > Should it be noted that this provisioning method is only available with
> > TLS 1.2 and earlier because the method requires anonymous ciphersuites?
> > It confirms to the reader that this is the in