eap Mailing List: Re: draft-arkko-eap-service-identity-auth-04

[Jari Arkko (jari.arkko]

> I was thinking of Tunneled methods. Since we are going to have a new 
> version of EAP-TLS, I think it could be possible to define a framwork 
> allowing, among others, parameter object exchange; between TLS 
> Finished and EAP-Success.
Sure. We already had (and may still have - I don't remember) an
extension for PEAP that did this. But for pure EAP-TLS its harder.
Note that EMU BoF/WG has proposed work item that deals with
EAP-TLS extensions to support all RFC 4017 features, including
channel bindings. So it could be handled there. But it won't necessarily
be EAP-TLS as we know it, likely a new type code is needed.

--Jari