[TLS] EAP-TLS: can someone clue me in?

Watson Ladd <watsonbladd@gmail.com> Tue, 02 February 2021 05:34 UTC

From: Watson Ladd <watsonbladd@gmail.com>
Date: Mon, 01 Feb 2021 21:31:53 -0800
Message-ID: <CACsn0c=nMG=K-XA9UJxsMQq6574Te-Pg7Yr9ASoZzN-rp4n+yA@mail.gmail.com>
To: TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Lu1_ECCO643w-QMA73REAaJx2ZE>
Subject: [TLS] EAP-TLS: can someone clue me in?

Dear all,

After reading all 50-odd emails I'm perpetually confused as to what is
going on, each email and the doc confusing me further. It seems that,
similar to QUIC, there is an attempt to put TLS over a non-TCP
transport and then use it for signaling user authentication via X.509
certificates, and that the server needs to indicate whether
authentication is successful or not.

Looking at RFC 8446 E.1.2, it seems that only application-layer TLS
messages from the server can confirm this, but I'm not sure that this
actually is the conclusion of all those emails. The other conclusion I
draw is that, just as QUIC required special adaptation, we may want to
consider embedding TLS in other protocols more systemically, although
I have no applications at this time.

Sincerely,
Watson

-- 
Astra mortemque praestare gradatim
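Added example, not part of Watson's message or of any EAP-TLS draft: a small Python model of the TLS 1.3 message ordering with client certificate authentication (RFC 8446, Section 2), showing why the client has finished its side of the handshake before the server has even looked at its certificate, so that only a later record from the server (application data, or an alert) tells the client whether its authentication was accepted. It models message ordering only, with no cryptography and no transport; the status strings, the one-byte application-data payload and the scenario names are arbitrary choices of this example.

```python
"""Flight-level model of a TLS 1.3 handshake with client authentication.

Constructed example: tracks message ordering and what the client can
conclude about its own authentication; no crypto, no real transport.
"""
from dataclasses import dataclass, field

# Full handshake with client auth, RFC 8446 Section 2, Figure 1 (optional
# messages not relevant to the ordering question are omitted).
SERVER_FLIGHT = ["ServerHello", "EncryptedExtensions", "CertificateRequest",
                 "Certificate", "CertificateVerify", "Finished"]
CLIENT_FLIGHT = ["Certificate", "CertificateVerify", "Finished"]


@dataclass
class ClientView:
    """What the client knows at each step of the exchange."""
    sent: list = field(default_factory=lambda: ["ClientHello"])
    received: list = field(default_factory=list)
    server_authenticated: bool = False
    handshake_complete: bool = False      # client has sent its own Finished
    client_auth: str = "not yet evaluated"  # example status strings

    def receive(self, record_type, payload):
        """Feed one server record to the client; return its current
        conclusion about whether the server accepted its certificate."""
        self.received.append((record_type, payload))
        if record_type == "alert":
            # An alert is the only negative signal the client ever gets.
            self.client_auth = f"rejected ({payload})"
            return self.client_auth
        if record_type == "handshake" and not self.handshake_complete:
            seen = sum(1 for t, _ in self.received if t == "handshake")
            expected = SERVER_FLIGHT[seen - 1]
            if payload != expected:
                raise ValueError(f"out of order: got {payload}, expected {expected}")
            if payload == "Finished":
                # Server Finished verified: server is authenticated. The client
                # now sends its certificate flight and is done with the
                # handshake, although the server has not yet processed it.
                self.server_authenticated = True
                self.sent.extend(CLIENT_FLIGHT)
                self.handshake_complete = True
                self.client_auth = "unconfirmed"
            return self.client_auth
        if record_type == "handshake":
            # Post-handshake messages (e.g. NewSessionTicket): this model draws
            # no conclusion from them and keeps waiting for application data.
            return self.client_auth
        if record_type == "application_data":
            # The server only sends application data after processing the
            # client's flight, so this is the first positive confirmation.
            self.client_auth = "confirmed"
            return self.client_auth
        raise ValueError(f"unexpected record type {record_type}")


def run(post_flight_records):
    """Drive a client through the server flight, then through the given
    (record_type, payload) records; return the resulting client view."""
    client = ClientView()
    for msg in SERVER_FLIGHT:
        client.receive("handshake", msg)
    for rec in post_flight_records:
        client.receive(*rec)
    return client


def accepted_but_silent():
    # Server said nothing after the client flight: client cannot tell.
    return run([]).client_auth


def accepted_with_data():
    # Arbitrary one-byte application-data payload, chosen for this example.
    return run([("application_data", b"\x00")]).client_auth


def rejected():
    return run([("alert", "bad_certificate")]).client_auth


def out_of_order_detected():
    """True if the model rejects a server Finished arriving before ServerHello."""
    try:
        ClientView().receive("handshake", "Finished")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    view = run([])
    print("server authenticated:", view.server_authenticated)
    print("client handshake complete:", view.handshake_complete)
    print("client auth status with no further server record:", view.client_auth)
    print("after application data:", accepted_with_data())
    print("after alert:", rejected())
```

The point the model makes concrete is that `handshake_complete` is already true while `client_auth` is still "unconfirmed": the client may start sending application data before it has any evidence that the server accepted its certificate, and the only records that resolve the question come from the server afterwards.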