[Sorry- meant to copy the WG]

Alan,

We're not quite done.  The following text needs to be removed, and an additional example added:

    If there is no Phase 2 data, then the EAP
    server MUST reject the session.  There is no reason to have TEAP
    devolve to EAP-TLS.

IoT devices need a way to authenticate as TEAP is EAP-TLS under nominal conditions.  When a certificate is about to expire, then the expectation is that either the client will issue a PKCS#10 request *or* the server will issue a request action TLV with PKCS#10, so that the client knows the server wants it to renew.

This text *really* has to go.

Eliot


On 31.07.23 23:06, Alan DeKok wrote:
   This version includes a typo fix from Heikki, and much extra discussion on 
resumption based on Heikki's comments at IETF 117.

   I've reviewed the text in this draft against RFC 9190 and RFC 9427.  I've 
tried to align the text as much as possible across documents.

   I've also reviewed the text in this draft against the public implementations 
of TEAP.  The text in the draft matches what the implementations do.

   Barring any updates from a final review of the GitHub issues, I think the 
document is (again) finally done.

On Jul 31, 2023, at 5:02 PM, internet-dra...@ietf.org wrote:


A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the EAP Method Update (EMU)
WG of the IETF.

   Title           : Tunnel Extensible Authentication Protocol (TEAP) Version 1
   Author          : Alan DeKok
   Filename        : draft-ietf-emu-rfc7170bis-09.txt
   Pages           : 103
   Date            : 2023-07-31

Abstract:
   This document defines the Tunnel Extensible Authentication Protocol
   (TEAP) version 1.  TEAP is a tunnel-based EAP method that enables
   secure communication between a peer and a server by using the
   Transport Layer Security (TLS) protocol to establish a mutually
   authenticated tunnel.  Within the tunnel, TLV objects are used to
   convey authentication-related data between the EAP peer and the EAP
   server.  This document obsoletes RFC 7170.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-09.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-09

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu