The EAP-TLS Authentication Protocol
RFC 5216

Note: This ballot was opened for revision 13 and is now closed.

(Jari Arkko) Yes

Comment (2008-01-10)
Great document. Thanks.

(Sam Hartman) Yes

(Ron Bonica) No Objection

(Ross Callon) No Objection

(Lisa Dusseault) No Objection

(Lars Eggert) No Objection

(Russ Housley) No Objection

(Cullen Jennings) No Objection

(Chris Newman) (was Discuss, No Objection) No Objection

Comment (2008-01-25)
In this excerpt:
----
   all of the following TLS ciphersuites:

       TLS_RSA_WITH_RC4_128_MD5
       TLS_RSA_WITH_RC4_128_SHA
       TLS_RSA_WITH_AES_128_CBC_SHA

   In addition, EAP-TLS peers SHOULD support the following TLS
   ciphersuites defined in [RFC3268]:

       TLS_RSA_WITH_AES_128_CBC_SHA
       TLS_RSA_WITH_RC4_128_SHA
----

There are two errors:
1. Two of the cipher suites are listed twice.
2. The RC4_128 cipher suite is not defined in RFC 3268.

Q: Would it be useful for this protocol to recommend support for the
server name indication extension in RFC 4366?  Otherwise the server
requires an IP address for each name it supports.

I agree with the following proposed resolution from Bernard Aboba:

2.4.  Ciphersuite and Compression Negotiation

   EAP-TLS implementations MUST support TLS v1.0.

   EAP-TLS implementations need not necessarily support all TLS
   ciphersuites listed in [RFC4346].  Not all TLS ciphersuites are
   supported by available TLS tool kits and licenses may be required in
   some cases.

   To ensure interoperability, EAP-TLS peers and servers MUST support
   the TLS [RFC4346] mandatory-to-implement ciphersuite:

       TLS_RSA_WITH_3DES_EDE_CBC_SHA
 
   EAP-TLS peers and servers SHOULD also support and be able
   to negotiate the following TLS ciphersuites:
 
        TLS_RSA_WITH_RC4_128_SHA [RFC4346]
        TLS_RSA_WITH_AES_128_CBC_SHA [RFC3268]

   In addition, EAP-TLS servers SHOULD support and be able to negotiate
   the following TLS ciphersuite:

       TLS_RSA_WITH_RC4_128_MD5 [RFC4346]

   Since TLS supports ciphersuite negotiation, peers completing the TLS
   negotiation will also have selected a ciphersuite, which includes
   encryption and hashing methods.  Since the ciphersuite negotiated
   within EAP-TLS applies only to the EAP conversation, TLS ciphersuite
   negotiation MUST NOT be used to negotiate the ciphersuites used to
   secure data.

   TLS also supports compression as well as ciphersuite negotiation.
   However, during the EAP-TLS conversation the EAP peer and server MUST
   NOT request or negotiate compression.
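The proposed Section 2.4 text above constrains what an EAP-TLS peer may offer in its TLS ClientHello: the RFC 4346 mandatory ciphersuite must be present, the two SHOULD suites are expected, and no compression method other than null may be requested. The following is an added example, not part of this ballot, of RFC 5216 or of any implementation: a small Python parser for the ciphersuite and compression fields of a TLS 1.0 ClientHello record, with a checker that applies those rules. The ciphersuite code points (0x000A, 0x0004, 0x0005, 0x002F) are the IANA-registered values from RFC 4346 and RFC 3268; the ClientHello bytes, the helper names build_client_hello, parse_client_hello and check_eap_tls_client_hello, and the finding strings are constructed for the example.

```python
"""
Added example (not part of the IESG ballot or RFC 5216): parse the
ciphersuite and compression fields of a TLS 1.0 ClientHello and check
them against the rules in the proposed Section 2.4 text.  All
ClientHello bytes are constructed here, not captured from a real
EAP-TLS exchange.
"""
import struct

# Ciphersuite code points from the IANA TLS registry (RFC 4346 / RFC 3268).
TLS_RSA_WITH_RC4_128_MD5      = 0x0004
TLS_RSA_WITH_RC4_128_SHA      = 0x0005
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
TLS_RSA_WITH_AES_128_CBC_SHA  = 0x002F

MANDATORY   = {TLS_RSA_WITH_3DES_EDE_CBC_SHA}                     # MUST (RFC 4346 MTI)
PEER_SHOULD = {TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA}  # SHOULD
NULL_COMPRESSION = 0x00                                           # the only method allowed


def build_client_hello(cipher_suites, compression_methods):
    """Build a TLS 1.0 handshake record carrying a ClientHello (constructed input)."""
    body = b"\x03\x01"                       # client_version = TLS 1.0
    body += bytes(32)                        # random (all zeros; example only)
    body += b"\x00"                          # session_id length = 0
    cs = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += struct.pack("!H", len(cs)) + cs  # cipher_suites<2..2^16-1>
    body += bytes([len(compression_methods)]) + bytes(compression_methods)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake(22)


def parse_client_hello(record):
    """Return (cipher_suites, compression_methods) from a TLS ClientHello record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]                          # skip 5-byte record header
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    pos = 2 + 32                             # skip client_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                       # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    cm_len = body[pos]
    pos += 1
    comps = list(body[pos:pos + cm_len])
    return suites, comps


def check_eap_tls_client_hello(record):
    """Apply the Section 2.4 rules to a ClientHello; return findings (empty = compliant)."""
    suites, comps = parse_client_hello(record)
    offered = set(suites)
    findings = []
    if not MANDATORY <= offered:
        findings.append("MUST: TLS_RSA_WITH_3DES_EDE_CBC_SHA not offered")
    for s in sorted(PEER_SHOULD - offered):
        findings.append("SHOULD: ciphersuite 0x%04x not offered" % s)
    # Peer MUST NOT request compression: only the null method may appear.
    if set(comps) != {NULL_COMPRESSION}:
        findings.append("MUST NOT: compression method other than null offered")
    return findings


if __name__ == "__main__":
    good = build_client_hello(
        [TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA],
        [NULL_COMPRESSION])
    bad = build_client_hello([TLS_RSA_WITH_RC4_128_MD5], [0x01, NULL_COMPRESSION])  # deflate + null
    print("good:", check_eap_tls_client_hello(good))
    print("bad: ", check_eap_tls_client_hello(bad))
```

The checker looks only at what the peer offers; a matching check on the server's ServerHello would confirm that the selected compression method is null and that the selected suite is one the EAP-TLS server is expected to support, since the negotiated suite protects only the EAP conversation and must not be reused to choose the data-protection ciphersuite.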

(Jon Peterson) No Objection

(Tim Polk) No Objection

(Dan Romascanu) No Objection

(Mark Townsley) No Objection

(David Ward) No Objection

(Magnus Westerlund) No Objection