[{"author": "Mark Donnelly", "text": "<p>I've lost sound.  Is everyone else getting sound?</p>", "time": "2023-03-28T08:05:10Z"}, {"author": "Alexander Clouter", "text": "<p>yep, getting sound here</p>", "time": "2023-03-28T08:05:27Z"}, {"author": "Mark Donnelly", "text": "<p>Thanks.  I'll exit and come back.</p>", "time": "2023-03-28T08:05:42Z"}, {"author": "Alexander Clouter", "text": "<p>'read'</p>", "time": "2023-03-28T08:25:25Z"}, {"author": "Alexander Clouter", "text": "<p>Doesn't TLS-PSK mostly target non-roaming anyway, I am thinking of enterprises plumbing their switch/AP into their RADIUS server?</p>", "time": "2023-03-28T08:32:54Z"}, {"author": "Dan Harkins", "text": "<p>I guess tls-srp is out of the question....</p>", "time": "2023-03-28T08:34:33Z"}, {"author": "Dan Harkins", "text": "<p>as is tls-pwd...</p>", "time": "2023-03-28T08:34:43Z"}, {"author": "Alan DeKok", "text": "<p><span class=\"user-mention\" data-user-id=\"1558\">@Alexander Clouter</span> yes, pretty much.  Or at least where there are fixed relationships between parties</p>", "time": "2023-03-28T08:35:34Z"}, {"author": "Alan DeKok", "text": "<p><span class=\"user-mention\" data-user-id=\"1661\">@Dan Harkins</span> non-cert TLS is fine by me.  The question is does OpenSSL support it?</p>", "time": "2023-03-28T08:36:11Z"}, {"author": "Alexander Clouter", "text": "<p>I think with tls-{srp,pwd} you would be introducing a concept of a 'user' into an environment that typically does not use it for machine-to-machine authentication</p>", "time": "2023-03-28T08:37:07Z"}, {"author": "Alexander Clouter", "text": "<p>(assuming we are talking still as an alternative to TLS-PSK?)</p>", "time": "2023-03-28T08:37:56Z"}, {"author": "Dan Harkins", "text": "<p>openssl supports tls-srp. I added tls-pwd to openssl-1.0.0 but it the code base has changed so much it's no longer portable....</p>", "time": "2023-03-28T08:38:03Z"}, {"author": "Mark Grayson", "text": "<p>Cisco implemented naiRealm in its DPD code, but now OpenRoaming is moving to DNSSec</p>", "time": "2023-03-28T08:38:06Z"}, {"author": "Dan Harkins", "text": "<p>not really a \"user\" but an \"identity\" of the key.</p>", "time": "2023-03-28T08:38:28Z"}, {"author": "Hannes Tschofenig", "text": "<p>Happy to review the document</p>", "time": "2023-03-28T08:38:56Z"}, {"author": "Alexander Clouter", "text": "<p>well, with TLS-PSK I suppose you can see that as the subject in a cert or even the 'PSK Identity' for TLS-PSK</p>", "time": "2023-03-28T08:39:15Z"}, {"author": "Hannes Tschofenig", "text": "<p>IMHO there is no problem with TLS/DTLS 1.2.</p>", "time": "2023-03-28T08:40:59Z"}, {"author": "Hannes Tschofenig", "text": "<p>So, if you need features from 1.3 then you should obviously use it.</p>", "time": "2023-03-28T08:41:14Z"}, {"author": "Hannes Tschofenig", "text": "<p>From a security point of view 1.2 is fine (with the appropriate profile)</p>", "time": "2023-03-28T08:41:28Z"}, {"author": "Alexander Clouter", "text": "<p>'read'</p>", "time": "2023-03-28T08:50:51Z"}, {"author": "Mark Donnelly", "text": "<p><em>read</em></p>", "time": "2023-03-28T08:51:10Z"}, {"author": "Matthew Newton", "text": "<p>read</p>", "time": "2023-03-28T08:51:30Z"}, {"author": "Mark Donnelly", "text": "<p>I'm getting the sense that Alan would like to avoid negotiation ;-)</p>", "time": "2023-03-28T08:56:18Z"}, {"author": "Heikki Vatiainen", "text": "<p>Adding a tracking attribute could also grow the response so that it will cause fragmentation on the UDP layer. For example when EAP-TLS is used with client certificate information. Access-Challenges could grow over the fragmentation level</p>", "time": "2023-03-28T09:00:46Z"}, {"author": "Hannes Tschofenig", "text": "<p>Bluetooth roaming: sounds cool</p>", "time": "2023-03-28T09:00:47Z"}, {"author": "Alexander Clouter", "text": "<p>thanks everyone!</p>", "time": "2023-03-28T09:01:39Z"}]