IETF Logo Mail Archive

[Emu] Re: Call for adoption: draft-reddy-emu-pqc-eap-tls-03 (Ends 2026-05-12)

tirumal reddy <kondtir@gmail.com> Wed, 29 April 2026 06:02 UTC

Return-Path: <kondtir@gmail.com>
X-Original-To: emu@mail2.ietf.org
Delivered-To: emu@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 744DDE56A596 for <emu@mail2.ietf.org>; Tue, 28 Apr 2026 23:02:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1777442554; bh=6Zh3PRPaw2Owv4D6lapdY4omNLVCYG4zXVussr9hdwM=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=zBaXIax69isA1aSJ2BPw1obfUkzIic/Xq83xETctziMOABY4slKifFrLWbLOHFP8j apUbvDg+Zd86jfJRlBd3N813r4sIus3sWpQa6KrEnDNEHF6ICB4JuuvNYAKsFdSFxT Rz9PvzJ7TQcK4npDl6EnzSXODxfLHM86zQy5KS8U=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ryevjE_LsSm6 for <emu@mail2.ietf.org>; Tue, 28 Apr 2026 23:02:33 -0700 (PDT)
Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id C19C7E56A58F for <emu@ietf.org>; Tue, 28 Apr 2026 23:02:33 -0700 (PDT)
Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-b79f8f7ea43so1710903266b.2 for <emu@ietf.org>; Tue, 28 Apr 2026 23:02:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1777442553; cv=none; d=google.com; s=arc-20240605; b=hPUWu5RE62BbhFUlwaprnIn+L444ySma74U9E91qyLchdZNZc2yi6UboJJM/9JKSqK 1kJFpxXYVtfptOF+nvhtkpRBLtHvDvLX0oQkRYDqIzHvPbt5pE21IplksXkYenPVR3OP 8fmLbcaCn6YHAhDMEPOO6j+mAJt23weoGcam3ljA3nPr4l/b0JBtLdUSKICvAQfFSK4g 0Pox0DOIdnlDn949PyhN8/EEAV2LxxF7pJbbrOQv8oEupRlfJjWio89AnSZgXfCa5EAN Qdmu0f3gSp1MMBuc4VW4Mfc/5YAotE0CO3DzY0xuO93CwAPVqcVRv1oGWuikln/V+Of2 aFbQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=pp/UfQxp+eqWeveRAZugYe+ilT5y+nTNPLNOr9+bMZQ=; fh=t7CziZVDlprQ1X9B3gmJYn0d96dmbdv3sBUGc9+GzS0=; b=Fh03be2BtA5IM1+HrCAUHv97xYtAZdKnHu1oq9kFYS3vXTGaMfnSnj8fxidqBr7thW AmDbXNOTXkrBVsTYscDN8iPy48ktRgzrmkTCDf+tg9C8k3u9az8tNaDQgK0l8brcWmBC 4hy/Tub9+dfvEdHFqvzOKiDXdXT68a8eqKIRpoSNQaIRGwDp6LZOIs2PwQdWNYT6Pl9n Q3Hn8k5Dx895L8hVOf1ZACRyfYCf2stfxLDnB5lRJ23mrxoejTq/M/wcgUD9JJBQcQzH AginwvcRpZrxekhxfgO1GJ4+CAfVTB7YoLezrvmS/sUxzSDT1dL7t7ZwlNUcXTDFpNLF ESkQ==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777442553; x=1778047353; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=pp/UfQxp+eqWeveRAZugYe+ilT5y+nTNPLNOr9+bMZQ=; b=ASNM6fvpaPkRuqB8WFqdNljIogy7zif/zL0DEZIzZmxYxRG9cONkd+fJ/CAgC2V3Em n5sCwf/ozwm3XxCZ0RsnyCmujm7JRcTxk1gOIDZq+Cab9JXS00kFyKzWF/Aq6hQHJPAD LXAqZq5otcsI3KZJezaKD6An7jK11OsVMDrOnkZV7+nfUh6FwgydVzi/eddfDlmkpp+e 9knMjmzQVOYa+3ifSLriu3Yapvtv3WzmvCiacqZuke8bfs/x6qRAspDlKChYPsTwndnp bfUi8ScIZtFxKj/fOhV6KvlEzCo5eLhzUO27ucE79OVWtCc70ENc+k+aofyM41Kb+HZw msxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777442553; x=1778047353; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=pp/UfQxp+eqWeveRAZugYe+ilT5y+nTNPLNOr9+bMZQ=; b=B0IuUpb2wE2ZitRO6L25gTHc9icqYKiA82IQJ0uvDe3/nESFPsJUHK39x4xE9Div6i okEBXfn5MtBP1GiYBX63+vpoLHmRfuraYyCBSBmIwUied5v4xfZHjN6NhLzyoYRpyN6n 20AL8OdrhM8zmuJv+oD4S9JCJjpK+RLMJMCMNxBLl7zUi/mIxok5Zka1Nm/iheZN/wuC meEwCly8U9ItUsF14uCryOr2rEyHZehFHaRoMKLwGzaDWdwBl47/FP//GyfpX1GlmqIh T1Z9/hM3Ewno7x36psfYVnIYlK7V1hAatKDvw9yILnbf0JfwqPb+uv/ZYIZKP9evdG3P Rtcg==
X-Forwarded-Encrypted: i=1; AFNElJ8GKWwMB69ddQgFa0cHSI0SDzGjsctjVWN/8a6xvJ107j7/BNNt31ZT0x4eAtowggyaNpo=@ietf.org
X-Gm-Message-State: AOJu0YwkMNgq/1TJbvY4PkqX7AD1I+6d16JuP491cfXJtxZuUCmUhMMY iGV0bVjEG1YRUvrINxf05zR3cvJMPdPR0UfxX/ISfosRrcSGn0fiw4BlW7D35+2sOF0mqccO/KD hPEs6oGFrg9wgmexRiVvDEBoHrEqaKGXhsSbp
X-Gm-Gg: AeBDieuUKNxPOr89tW0P2+8xhEL4xs9bqomxeQAzbm+c6iV/2mRL3teRTEOKImgQhrQ 9+7BQrP0ZS0t3FPU1CYw0Nn7zY5vuDvUwgomyw8CLGMgCtDsVAL/1BaltI3h1fybL1RQ4qdOGvv Vh00B/Ev2QU1jkO8uPp9PcjRxlbJfgDZXaaAGwJ52f0fZd8lmbNh9FczmecIDAqn8JLhBA13ToB ETllw6oM5QFl01wGQCuk6JWB3MWnYj5/jpiYdQh4BuJnYWhR/4iRhfDo0xnBNubyCZMZlM5y+iA ILMg6fjelh8upVbi3A==
X-Received: by 2002:a17:907:94d3:b0:b98:3b5d:e147 with SMTP id a640c23a62f3a-bb93c2a740cmr119174366b.3.1777442552575; Tue, 28 Apr 2026 23:02:32 -0700 (PDT)
MIME-Version: 1.0
References: <177737188720.672.9610067155376320831@dt-datatracker-b45949c58-t72jx> <5F0A9979-DFC3-49F8-A8EF-639B8422246C@akayla.com> <c8728f96-6422-4bb9-a762-96c06b6462c9@lear.ch> <CAFpG3gd4_1SCaJ2a88SRS7aAm=C_-wSYNGNPb=3TgWOdCy6WFQ@mail.gmail.com> <24a36783-ca93-4196-a214-2e3a42ede6d7@lear.ch>
In-Reply-To: <24a36783-ca93-4196-a214-2e3a42ede6d7@lear.ch>
From: tirumal reddy <kondtir@gmail.com>
Date: Wed, 29 Apr 2026 11:31:55 +0530
X-Gm-Features: AVHnY4Ir13Br_c1oU2AziwnBIAPolSxv9EkPhFLJ6pBaJ5rOuBC7unxiMwCgpJQ
Message-ID: <CAFpG3ge+kJ15qEVDFVn_ZpaM0cO4USZgEiSpOM__CKhtus1zHQ@mail.gmail.com>
To: Eliot Lear <lear@lear.ch>
Content-Type: multipart/alternative; boundary="000000000000f47c6406509317f6"
Message-ID-Hash: KCVQOUSAQHVTAHCJIDPSTKP3344U5SWR
X-Message-ID-Hash: KCVQOUSAQHVTAHCJIDPSTKP3344U5SWR
X-MailFrom: kondtir@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-emu.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: emu@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Emu] Re: Call for adoption: draft-reddy-emu-pqc-eap-tls-03 (Ends 2026-05-12)
List-Id: "EAP Methods Update (EMU)" <emu.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/bjfKyoKRetkXfMX96QoqVUCMGcY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Owner: <mailto:emu-owner@ietf.org>
List-Post: <mailto:emu@ietf.org>
List-Subscribe: <mailto:emu-join@ietf.org>
List-Unsubscribe: <mailto:emu-leave@ietf.org>

On Tue, 28 Apr 2026 at 20:43, Eliot Lear <lear@lear.ch> wrote:

> Tiru,
>
> The reason I asked both questions is that EAP-TLS in particular is
> implemented on some 802.15.4 networks that can be lossy, low bandwidth,
> with low MTU.  I think it's a good idea to have at least some feel for what
> we're in for with very large keys/certs.
>
Valid point.  The handshake size impact in constrained networks like
802.15.4 comes from both large PQC certificates and large PQC KEM public
keys, particularly with PQ/T hybrid schemes. The EST pre-fetching
optimization discussed in this draft and the optimizations discussed in
ietf-uta-pqc-app, including certificate chain optimization and optimizing
ClientHello for Hybrid Key Exchange in TLS Handshake would help reduce this
overhead. Implementation experience in these environments would be helpful.

-Tiru

> Eliot
> On 28.04.2026 15:27, tirumal reddy wrote:
>
> On Tue, 28 Apr 2026 at 17:12, Eliot Lear <lear@lear.ch> wrote:
>
>> Hi Peter and colleagues,
>>
>> Has anyone created a test implementation with hostap to see if there are
>> any ill effects from large key sizes?  Also, I would like to understand the
>> relationship of this work, if any, to PLANTS.
>>
> No, the draft does not discuss merkle-tree certificates. PLANTS targets
> WebPKI. While Merkle-tree certificates would help reduce PQC certificate
> sizes in EAP deployments, their applicability in this context requires
> further analysis.
>
> -Tiru
>
>> Eliot
>> On 28.04.2026 12:33, Peter Yee wrote:
>>
>> I've issued a WG call for adoption on draft-reddy-emu-pqc-eap-tls and would really like to get opinions on whether this work ought to be adopted. The document is fairly short and the only normative section covers additions to EST (RFC 7030) for optimization purposes by allowing the retrieval of intermediate portions of EAP client and EAP server certificate chains to obviate needing to pass them in-band in the TLS handshake. That part runs 2 pages.
>>
>> Please take a look and send your comments for or against adoption to the mailing list by May 12th.
>>
>> Thank you in advance.
>>
>> 		-Peter
>>
>> On 4/28/26, 11:24 AM, "Peter Yee via Datatracker" <noreply@ietf.org> <noreply@ietf.org> wrote:
>>
>> This message starts a emu WG Call for Adoption of:
>> draft-reddy-emu-pqc-eap-tls-03
>>
>> This Working Group Call for Adoption ends on 2026-05-12
>>
>> Abstract:
>> This document proposes enhancements to TLS-based EAP methods,
>> including the Extensible Authentication Protocol with Transport Layer
>> Security (EAP-TLS), EAP Tunneled TLS (EAP-TTLS), Protected EAP
>> (PEAP), and EAP Tunnel Method (TEAP), to incorporate post-quantum
>> cryptographic mechanisms. It also addresses challenges related to
>> large certificate sizes and long certificate chains, as identified in
>> [RFC9191], and provides recommendations for integrating PQC
>> algorithms into TLS-based EAP deployments.
>>
>> Please reply to this message and indicate whether or not you support adoption
>> of this Internet-Draft by the emu WG. Comments to explain your preference are
>> greatly appreciated. Please reply to all recipients of this message and
>> include this message in your response.
>>
>> Authors, and WG participants in general, are reminded of the Intellectual
>> Property Rights (IPR) disclosure obligations described in BCP 79 [2].
>> Appropriate IPR disclosures required for full conformance with the provisions
>> of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any.
>> Sanctions available for application to violators of IETF IPR Policy can be
>> found at [3].
>>
>> Thank you.
>> [1] https://datatracker.ietf.org/doc/bcp78/
>> [2] https://datatracker.ietf.org/doc/bcp79/
>> [3] https://datatracker.ietf.org/doc/rfc6701/
>>
>> The IETF datatracker status page for this Internet-Draft is:https://datatracker.ietf.org/doc/draft-reddy-emu-pqc-eap-tls/
>>
>> There is also an HTML version available at:https://www.ietf.org/archive/id/draft-reddy-emu-pqc-eap-tls-03.html
>>
>> A diff from the previous version is available at:https://author-tools.ietf.org/iddiff?url2=draft-reddy-emu-pqc-eap-tls-03
>>
>>
>>
>> _______________________________________________
>> Emu mailing list -- emu@ietf.org
>> To unsubscribe send an email to emu-leave@ietf.org
>>
>> _______________________________________________
>> Emu mailing list -- emu@ietf.org
>> To unsubscribe send an email to emu-leave@ietf.org
>>
>

v2.43.4 | Report a Bug | By Email | System Status