Joseph Salowey wrote:
> On Fri, Oct 30, 2020 at 4:44 AM Michael Richardson
> wrote:
>>
>> Joseph Salowey wrote:
>> >> I suggest:
>> >>
>> >> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate
>> >> recovation checks, MUST implement Certificate
On Fri, Oct 30, 2020 at 4:44 AM Michael Richardson
wrote:
>
> Joseph Salowey wrote:
> >> I suggest:
> >>
> >> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate
> >> recovation checks, MUST implement Certificate Status Requests
> using OCSP
> >> stapling as
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the EAP Method Update WG of the IETF.
Title : Improved Extensible Authentication Protocol Method
for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA')
Hi,
I think the text is great.
However I'm not entirely convinced that AIA requires network connectivity at
all times.
The AIA CA cert url is static and works fine as identifier for a locally cached
cert
The fact that it is the correct cert is assured by the path validation process.
As such, th
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the EAP Method Update WG of the IETF.
Title : Perfect-Forward Secrecy for the Extensible
Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA'
Thanks, Mohit, for addressing my comments... and I'm glad you also
added text about the effect of quantum-safe algorithms on key and
signature sizes.
On the document status issue, I'd like to hear what other working
group participants think, and also what Roman's thoughts are.
Barry
On Fri, Oct
Hi Stefan,
Thank you for the review. I have updated the draft in github
(https://github.com/emu-wg/eaptls-longcert). Here is the diff for your
convenience:
https://tools.ietf.org/rfcdiff?url1=https://tools.ietf.org/id/draft-ietf-emu-eaptlscert.txt&url2=https://emu-wg.github.io/eaptls-longcert/d
Joseph Salowey wrote:
>> I suggest:
>>
>> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate
>> recovation checks, MUST implement Certificate Status Requests using OCSP
>> stapling as specified in Section 4.4.2.1 of [RFC8446].
> [Joe] Thanks Michael, I
Hi Barry,
Thank you for the careful review. I have updated the draft in github
(https://github.com/emu-wg/eaptls-longcert). Here is the diff for your
convenience:
https://tools.ietf.org/rfcdiff?url1=https://tools.ietf.org/id/draft-ietf-emu-eaptlscert.txt&url2=https://emu-wg.github.io/eaptls-lon