eap Mailing List: Re: draft-arkko-eap-service-identity-auth-04

[Mohamad Badra (badra]

Jari Arkko wrote:

> badra wrote:
>
> > Extensions introduced in 3546 will not be able to convey different 
> > parameter objects, unless a full TLS session takes place. Or the 
> > extension introduced in the draft allows that, in which more 
> > clarifications may be added to its definition.
> >
> > BTW, why we don't use AVPs or TLVs to carry parameter objects instead 
> > of using a new TLS extension.
>
> Good questions. In general, the TLS support in the draft is somewhat
> suspect in any case, because getting it done would indeed require
> an extension in the standards track, if I recall the TLS IANA rules
> correctly.
>
> What AVPs or TLVs were you thinking of? I was not aware that there
> was any other place in TLS than the extensions to put additional
> new information, but is there? And EAP-TLS format is already fixed
> to be TLS record protocol messages, nothing else. 


I was thinking of Tunneled methods. Since we are going to have a new 
version of EAP-TLS, I think it could be possible to define a framwork 
allowing, among others, parameter object exchange; between TLS Finished 
and EAP-Success.

Best regards,
Badra