[{"author": "Mark Donnelly", "text": "
I've lost sound. Is everyone else getting sound?
", "time": "2023-03-28T08:05:10Z"}, {"author": "Alexander Clouter", "text": "yep, getting sound here
", "time": "2023-03-28T08:05:27Z"}, {"author": "Mark Donnelly", "text": "Thanks. I'll exit and come back.
", "time": "2023-03-28T08:05:42Z"}, {"author": "Alexander Clouter", "text": "'read'
", "time": "2023-03-28T08:25:25Z"}, {"author": "Alexander Clouter", "text": "Doesn't TLS-PSK mostly target non-roaming anyway, I am thinking of enterprises plumbing their switch/AP into their RADIUS server?
", "time": "2023-03-28T08:32:54Z"}, {"author": "Dan Harkins", "text": "I guess tls-srp is out of the question....
", "time": "2023-03-28T08:34:33Z"}, {"author": "Dan Harkins", "text": "as is tls-pwd...
", "time": "2023-03-28T08:34:43Z"}, {"author": "Alan DeKok", "text": "@Alexander Clouter yes, pretty much. Or at least where there are fixed relationships between parties
", "time": "2023-03-28T08:35:34Z"}, {"author": "Alan DeKok", "text": "@Dan Harkins non-cert TLS is fine by me. The question is does OpenSSL support it?
", "time": "2023-03-28T08:36:11Z"}, {"author": "Alexander Clouter", "text": "I think with tls-{srp,pwd} you would be introducing a concept of a 'user' into an environment that typically does not use it for machine-to-machine authentication
", "time": "2023-03-28T08:37:07Z"}, {"author": "Alexander Clouter", "text": "(assuming we are talking still as an alternative to TLS-PSK?)
", "time": "2023-03-28T08:37:56Z"}, {"author": "Dan Harkins", "text": "openssl supports tls-srp. I added tls-pwd to openssl-1.0.0 but the code base has changed so much it's no longer portable....
", "time": "2023-03-28T08:38:03Z"}, {"author": "Mark Grayson", "text": "Cisco implemented naiRealm in its DPD code, but now OpenRoaming is moving to DNSSec
", "time": "2023-03-28T08:38:06Z"}, {"author": "Dan Harkins", "text": "not really a \"user\" but an \"identity\" of the key.
", "time": "2023-03-28T08:38:28Z"}, {"author": "Hannes Tschofenig", "text": "Happy to review the document
", "time": "2023-03-28T08:38:56Z"}, {"author": "Alexander Clouter", "text": "well, with TLS-PSK I suppose you can see that as the subject in a cert or even the 'PSK Identity' for TLS-PSK
", "time": "2023-03-28T08:39:15Z"}, {"author": "Hannes Tschofenig", "text": "IMHO there is no problem with TLS/DTLS 1.2.
", "time": "2023-03-28T08:40:59Z"}, {"author": "Hannes Tschofenig", "text": "So, if you need features from 1.3 then you should obviously use it.
", "time": "2023-03-28T08:41:14Z"}, {"author": "Hannes Tschofenig", "text": "From a security point of view 1.2 is fine (with the appropriate profile)
", "time": "2023-03-28T08:41:28Z"}, {"author": "Alexander Clouter", "text": "'read'
", "time": "2023-03-28T08:50:51Z"}, {"author": "Mark Donnelly", "text": "read
", "time": "2023-03-28T08:51:10Z"}, {"author": "Matthew Newton", "text": "read
", "time": "2023-03-28T08:51:30Z"}, {"author": "Mark Donnelly", "text": "I'm getting the sense that Alan would like to avoid negotiation ;-)
", "time": "2023-03-28T08:56:18Z"}, {"author": "Heikki Vatiainen", "text": "Adding a tracking attribute could also grow the response so that it will cause fragmentation on the UDP layer. For example when EAP-TLS is used with client certificate information. Access-Challenges could grow over the fragmentation level
", "time": "2023-03-28T09:00:46Z"}, {"author": "Hannes Tschofenig", "text": "Bluetooth roaming: sounds cool
", "time": "2023-03-28T09:00:47Z"}, {"author": "Alexander Clouter", "text": "thanks everyone!
", "time": "2023-03-28T09:01:39Z"}]