[{"author": "Yoav Nir", "text": "<p>Usual rules. If you want what you say to be conveyed at the room mic, please preface it with \"mic:\"</p>", "time": "2023-03-27T00:31:41Z"}, {"author": "Yoav Nir", "text": "<p>Assuming the background of these slides is white, the projector in room G412 is ridiculously dim.</p>", "time": "2023-03-27T00:34:02Z"}, {"author": "Peter Yee", "text": "<p>Yes, white background.</p>", "time": "2023-03-27T00:36:21Z"}, {"author": "Eliot Lear", "text": "<p>is this with Basic-Password-Auth?</p>", "time": "2023-03-27T00:41:34Z"}, {"author": "Alexander Clouter", "text": "<p>the problem is if you have a mix of single round authentication clients and chained authentication</p>", "time": "2023-03-27T00:42:08Z"}, {"author": "Dan Harkins", "text": "<p>isn't this what standards are for? We need to define what proper behavior is instead of just documenting what Windows does.</p>", "time": "2023-03-27T00:44:02Z"}, {"author": "John Preu\u00df Mattsson", "text": "<p>I think the TLS 1.2 profiling needs work for this to be worthy of 2023 standards track. RFC 7540 was best practice 2015. Legacy interop is tricky so I don't think the draft needs to forbid as much as the 2025 RFC 7540.</p>\n<p>What I strongly thing the draft must add is</p>\n<ol>\n<li>\n<p>Add. \"This version of the TEAP implementation MUST support and prefer TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 with the P-256 elliptic curve\". This is the cipher suite mandated by HTTP/2.</p>\n</li>\n<li>\n<p>Refer to BCP 195 (RFC 9325, RFC 8996)</p>\n</li>\n</ol>\n<p>Nit: TLS RFC spells \"cipher suite\"</p>", "time": "2023-03-27T00:44:12Z"}, {"author": "Yoav Nir", "text": "<p>mic? either of you?</p>", "time": "2023-03-27T00:45:27Z"}, {"author": "Eliot Lear", "text": "<p>I'll just add, I wouldn't mind if someone wanted to add an identity TLV</p>", "time": "2023-03-27T00:51:02Z"}, {"author": "Eliot Lear", "text": "<p>i like the idea of the client and server doing a capabilities exchange</p>", "time": "2023-03-27T00:51:27Z"}, {"author": "Alexander Clouter", "text": "<p>as it is optional and solves this problem so would be useful, even for TEAPv1/7170bis</p>", "time": "2023-03-27T00:52:52Z"}, {"author": "Massimiliano Pala", "text": "<p>Is it an identity hint or an identifier?</p>", "time": "2023-03-27T00:53:11Z"}, {"author": "Heikki Vatiainen", "text": "<p>about identity being \"\" (empty string) and using \"credentials not available\". I'd say this a correct error message would be something like \"authentication method not configured\" or similar that tells the client (in this case) doesn't now how to authenticate vs. what identity to use</p>", "time": "2023-03-27T00:56:12Z"}, {"author": "Yoav Nir", "text": "<p>If we're specifying a ciphersuite in 2023, do we specify anything with _RSA_ ?</p>", "time": "2023-03-27T00:56:29Z"}, {"author": "Dan Harkins", "text": "<p>not RSA key exchange but RSA sig are fine</p>", "time": "2023-03-27T00:58:11Z"}, {"author": "Yoav Nir", "text": "<p>RSA sigs are fine if your keys are big enough, and by now the recommendations are really big ones.</p>", "time": "2023-03-27T00:59:32Z"}, {"author": "Dan Harkins", "text": "<p>ECDHE and ECDSA</p>", "time": "2023-03-27T00:59:43Z"}, {"author": "Eliot Lear", "text": "<p>thanks everyone.</p>", "time": "2023-03-27T01:12:07Z"}, {"author": "Dan Harkins", "text": "<p>(thumbs up emoji)</p>", "time": "2023-03-27T01:19:54Z"}, {"author": "Peter Yee", "text": "<p>We will run a show of hands in Meetecho.</p>", "time": "2023-03-27T01:20:19Z"}, {"author": "Dan Harkins", "text": "<p><span aria-label=\"+1\" class=\"emoji emoji-1f44d\" role=\"img\" title=\"+1\">:+1:</span></p>", "time": "2023-03-27T01:21:01Z"}, {"author": "Alan DeKok", "text": "<p><a href=\"https://github.com/emu-wg/rfc7170bis/issues/16\">https://github.com/emu-wg/rfc7170bis/issues/16</a><br>\n<a href=\"https://github.com/emu-wg/rfc7170bis/issues/15\">https://github.com/emu-wg/rfc7170bis/issues/15</a></p>", "time": "2023-03-27T01:23:02Z"}, {"author": "Massimiliano Pala", "text": "<p>We are working on the evolution of EAP-CREDS that has some elements that might be in common. However, EAP-CREDS is to be used AFTER authentications and does not explicitly tackle bootstrapping - it is more focused on the management after the bootstrapping is done (that part is usually not well managed across access networks... e.g., policy)</p>", "time": "2023-03-27T01:35:32Z"}, {"author": "Massimiliano Pala", "text": "<p>(related to EAP onboarding)</p>", "time": "2023-03-27T01:35:50Z"}, {"author": "John Preu\u00df Mattsson", "text": "<p>I will follow up EAP TLS PSK discussion and IoT EAP on the mailing list.</p>", "time": "2023-03-27T01:45:43Z"}, {"author": "Massimiliano Pala", "text": "<p>Thank you!</p>", "time": "2023-03-27T01:47:41Z"}, {"author": "Alexander Clouter", "text": "<p>thanks all!</p>", "time": "2023-03-27T01:47:45Z"}]