Hi all,
in an earlier email on this topic John wrote "I don't see why anybody would get the impression that the application data would be unencrypted, all application data in TLS 1.3 is encrypted." Even in the latest version of the draft (version -11) I can still find text that says the contrary.

Section 2.4: "While EAP-TLS does not protect any application data, the negotiated cipher suites and algorithms MAY be used to secure data as done in other TLS-based EAP methods."

Section 2.1.1: "After the TLS handshake has completed and all Post-Handshake messages have been sent, the EAP server sends EAP-Success."

Even the figure that follows this statement shows that this is not true because there is still the Commitment Message.

Can you see how this is confusing?

I had suggested to add a note to the introduction to make it clear that the Commitment Message is one of the two things that changed with this draft. (The other aspect is the changed key exporting.)

Currently, the important information on how the Commitment Message works is buried in a section called EAP State Machines when nothing in the draft can possibly change the EAP state machine.

Ciao
Hannes
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu