On Tue, Jan 05, 2021 at 11:12:21AM -0500, Alan DeKok wrote:
> On Jan 5, 2021, at 11:05 AM, Michael Richardson <mcr+i...@sandelman.ca> wrote:
> > 
> > Alan DeKok <al...@deployingradius.com> wrote:
> >> Therefore, we need an explicit signal to the EAP-TLS layer that the
> > 
> > Do you mean, "to the EAP layer"?
> > s/EAP-TLS layer/EAP/ ??
> 
>   If the EAP-TLS layer allows TLS negotiation OR EAP-Success, then it's 
> possible to bypass TLS by spoofing an EAP-Success.  So the EAP-TLS layer 
> needs to have a way to say "we're done, EAP-Success is now OK".
> 
>   It's really nested:  EAP ( EAP-TLS ( TLS ) ) 
> 
>   We can't finish EAP until we know that EAP-TLS is finished.  We can't 
> finish EAP-TLS until we know that TLS is finished.

Okay.  What step suffices to determine that "TLS is finished" for your use
case?  The natural definition is "the handshake is complete", which would
be incompatible with the text currently in the draft (and with 0.5-RTT
entirely).

-Ben
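The nesting EAP ( EAP-TLS ( TLS ) ) and the explicit "we're done" signal discussed above, as an added Python model that is not code from this thread or from any EAP implementation. The class names, the `require_method_done` switch, and the string-tagged TLS records standing in for real handshake messages are assumptions made for this illustration; it takes "TLS is finished" to mean "the handshake is complete", one of the definitions under discussion.

```python
from dataclasses import dataclass, field

EAP_REQUEST, EAP_SUCCESS, EAP_FAILURE = "Request", "Success", "Failure"

@dataclass
class EapTlsMethod:
    """Model of the EAP-TLS method layer wrapping a TLS handshake."""
    handshake_done: bool = False  # set only when TLS reports 'handshake complete'

    def process(self, tls_record: str) -> None:
        # Constructed stand-in for the TLS state machine: the method reports
        # "done" only once TLS signals that the handshake is complete.
        if tls_record == "tls:handshake-complete":
            self.handshake_done = True

    def method_done(self) -> bool:
        return self.handshake_done

@dataclass
class EapPeer:
    """Model of the outer EAP layer, with the explicit 'done' signal."""
    method: EapTlsMethod = field(default_factory=EapTlsMethod)
    require_method_done: bool = True  # False reproduces the bypass the thread warns about
    authenticated: bool = False

    def receive(self, code: str, payload: str = "") -> str:
        if code == EAP_REQUEST:
            self.method.process(payload)
            return "ok"
        if code == EAP_SUCCESS:
            # Without the explicit signal the EAP layer cannot tell a genuine
            # Success from one that arrives before TLS actually finished.
            if self.require_method_done and not self.method.method_done():
                return "discard: EAP-Success before EAP-TLS reported done"
            self.authenticated = True
            return "authenticated"
        if code == EAP_FAILURE:
            return "failed"
        return "discard: unknown code"

def run_exchange(messages, require_method_done=True) -> EapPeer:
    """Feed a constructed sequence of (code, payload) messages to a fresh peer."""
    peer = EapPeer(require_method_done=require_method_done)
    for code, payload in messages:
        peer.receive(code, payload)
    return peer
```

With `require_method_done=False` an EAP-Success delivered mid-handshake is accepted, which is the bypass the thread describes; with the signal in place the peer discards it until EAP-TLS has reported completion.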

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
