On Sun, Jun 13, 2021 at 2:44 PM Bernard Aboba <bernard.ab...@gmail.com> wrote:
> draft-ietf-emu-eap-tls13-16 Section 2.1 contains the following text:
>
> EAP-TLS 1.3 remains backwards compatible with EAP-TLS 1.2 [RFC5216]. TLS version
> negotiation is handled by the TLS layer, and thus outside of the
> scope of EAP-TLS. Therefore so long as the underlying TLS
> implementation correctly implements TLS version negotiation, EAP-TLS
> will automatically leverage that capability.
>
> I am concerned that this statement is potentially misleading. An
> implementation of RFC 5216 that negotiates TLS 1.2 and utilizes the key
> hierarchy defined in RFC 5216 Section 2.3 will not interoperate with an
> implementation of draft-ietf-emu-tls13-16 that also negotiates TLS 1.2 and
> utilizes the key hierarchy defined in Section 2.3 of that document.
>
> So in what sense is EAP-TLS 1.3 "backwards compatible" with EAP-TLS 1.2?
>
> The only way this makes sense to me is if it is stated that
> draft-ietf-emu-eap-tls13 applies only when TLS 1.3 is negotiated, and that
> if TLS 1.2, 1.1 or 1.0 is negotiated, then RFC 5216 applies.

[Joe] Good point. I think this is missing from the draft. The EAP-TLS implementation does need to know which version of TLS is negotiated. I agree that this draft applies when TLS 1.3 is negotiated and not to previous versions of TLS.
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
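The interop failure Bernard describes, worked through as an added example (this is not code from the draft, from RFC 5216, or from anyone on the thread). It implements the two key hierarchies side by side: the RFC 5216 Section 2.3 derivation over the TLS 1.2 PRF, and the TLS 1.3 TLS-Exporter derivation, plus what a "TLS-Exporter" call resolves to when TLS 1.2 is negotiated (the RFC 5705 exporter). Assumptions not stated in the thread: SHA-256 as the TLS 1.2 PRF hash, the exporter label `EXPORTER_EAP_TLS_Key_Material` with the EAP-TLS Type-Code `0x0D` as context (as in the EAP-TLS 1.3 draft, to my understanding), and constructed sample secrets in place of real session material.

```python
import hashlib
import hmac
import struct

# Constructed sample session secrets (illustrative, not captured). A TLS 1.2
# session yields master_secret and the two randoms; a TLS 1.3 session yields
# exporter_master_secret.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = bytes([0x11] * 32)
SERVER_RANDOM = bytes([0x22] * 32)
EXPORTER_MASTER_SECRET = bytes([0x33] * 32)

# Assumed to match the EAP-TLS 1.3 draft: exporter label and Type-Code context.
EAP_TLS_TYPE_CODE = b"\x0d"
EAP_TLS13_KEY_LABEL = b"EXPORTER_EAP_TLS_Key_Material"


def tls12_prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 Section 5) as P_SHA256 over label + seed.
    A(0) = seed, A(i) = HMAC(secret, A(i-1)); output block i = HMAC(secret, A(i) + seed).
    SHA-256 is assumed; a real stack uses the negotiated cipher suite's PRF hash."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def rfc5216_key_material(master_secret, client_random, server_random):
    """RFC 5216 Section 2.3: Key_Material = TLS-PRF-128(master_secret,
    "client EAP encryption", client.random || server.random); MSK = [0,63], EMSK = [64,127]."""
    km = tls12_prf(master_secret, b"client EAP encryption",
                   client_random + server_random, 128)
    return km[:64], km[64:128]


def tls12_exporter(master_secret, client_random, server_random, label, context, length):
    """RFC 5705 exporter: what TLS-Exporter means once TLS 1.2 has been negotiated."""
    seed = client_random + server_random + struct.pack("!H", len(context)) + context
    return tls12_prf(master_secret, label, seed, length)


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869 Section 2.3) with SHA-256."""
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        out += t
        counter += 1
    return out[:length]


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446 Section 7.1); the label carries the "tls13 " prefix."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def tls13_exporter(exporter_master_secret, label, context, length):
    """TLS-Exporter (RFC 8446 Section 7.5):
    HKDF-Expand-Label(Derive-Secret(EMS, label, ""), "exporter", Hash(context), length)."""
    derived = hkdf_expand_label(exporter_master_secret, label,
                                hashlib.sha256(b"").digest(), 32)
    return hkdf_expand_label(derived, b"exporter", hashlib.sha256(context).digest(), length)


def eap_tls_msk(negotiated_version, session):
    """Pick the hierarchy from the version the TLS layer actually negotiated:
    the EAP-TLS 1.3 exporter for TLS 1.3 (version 3,4), RFC 5216 for anything older."""
    if negotiated_version >= (3, 4):
        km = tls13_exporter(session["exporter_master_secret"],
                            EAP_TLS13_KEY_LABEL, EAP_TLS_TYPE_CODE, 128)
        return km[:64]
    msk, _emsk = rfc5216_key_material(session["master_secret"],
                                      session["client_random"], session["server_random"])
    return msk


def rfc5216_vs_exporter_on_tls12(session):
    """The mismatch from the thread: two peers that both negotiated TLS 1.2, one
    deriving per RFC 5216 and one applying the EAP-TLS 1.3 exporter derivation
    through TLS 1.2's exporter, end up with different MSKs."""
    msk_5216, _ = rfc5216_key_material(session["master_secret"],
                                       session["client_random"], session["server_random"])
    msk_exporter = tls12_exporter(session["master_secret"], session["client_random"],
                                  session["server_random"], EAP_TLS13_KEY_LABEL,
                                  EAP_TLS_TYPE_CODE, 128)[:64]
    return msk_5216, msk_exporter


TLS12_SESSION = {"master_secret": MASTER_SECRET, "client_random": CLIENT_RANDOM,
                 "server_random": SERVER_RANDOM}
TLS13_SESSION = {"exporter_master_secret": EXPORTER_MASTER_SECRET}

if __name__ == "__main__":
    msk_a, msk_b = rfc5216_vs_exporter_on_tls12(TLS12_SESSION)
    print("TLS 1.2, RFC 5216 hierarchy :", msk_a.hex()[:32], "...")
    print("TLS 1.2, exporter hierarchy :", msk_b.hex()[:32], "...")
    print("TLS 1.3, exporter hierarchy :", eap_tls_msk((3, 4), TLS13_SESSION).hex()[:32], "...")
```

The version check in `eap_tls_msk` is the piece Joe says the draft is missing: the EAP layer cannot treat version negotiation as opaque, because the negotiated version decides which derivation produces the MSK the other side will expect.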