[Emu] Protocol Action: 'Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3)' to Proposed Standard (draft-ietf-emu-eap-tls13-21.txt)
The IESG <iesg-secretary@ietf.org> Tue, 26 October 2021 17:23 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Joseph Salowey <joe@salowey.net>, The IESG <iesg@ietf.org>, draft-ietf-emu-eap-tls13@ietf.org, emu-chairs@ietf.org, emu@ietf.org, joe@salowey.net, rdd@cert.org, rfc-editor@rfc-editor.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/UySO-DowfH6PRmBJQXCQY0txR6Q>

The IESG has approved the following document:
- 'Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3)'
  (draft-ietf-emu-eap-tls13-21.txt) as Proposed Standard

This document is the product of the EAP Method Update Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/

Technical Summary

The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-Transport Layer Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216.

Working Group Summary

The document had a lot of review and discussion. There is in general good consensus for moving the document forward. Towards the end of the WG discussion, an additional consensus call was needed to agree to produce the normative language on OCSP usage.

This document was sent for IESG review in February 2021. IESG review uncovered a design issue (https://mailarchive.ietf.org/arch/msg/emu/3ZFWAx0of-67P6yhtMIdmx9BLNs/) which sent the document back to the WG. This document was updated, sent through WG and IETF LC and is now returning again to the IESG.

Document Quality

Much of the discussion on the list was based on comments from implementers of the previous version of the protocol or the proposed version of the protocol.

At least two public implementations of the protocol are available:

wpa_supplicant - https://w1.fi/cgit/hostap/
free radius - https://github.com/FreeRADIUS/freeradius-server

Personnel

Document Shepherd - Joe Salowey
Responsible AD - Roman Danyliw