[{"author": "Alan DeKok", "text": "<p>There's a few more topics after that, but yes, those are top</p>", "time": "2023-01-11T17:02:13Z"}, {"author": "Alexander Clouter", "text": "<p>For TEAPv2 I probably would suggest just forbidding inner authentication methods that do not provide an MSK/EMSK</p>", "time": "2023-01-11T17:17:03Z"}, {"author": "Eliot Lear", "text": "<p>@Alex what does that mean for PKCS10/PKCS7 requests?</p>", "time": "2023-01-11T17:17:28Z"}, {"author": "Eliot Lear", "text": "<p>I think we have to be a lot more crisp about all of this for T2</p>", "time": "2023-01-11T17:17:38Z"}, {"author": "Alexander Clouter", "text": "<p>PKCS{7,10} is more an action request for bootstrapping/provisioning rather than proving who you are though, right?</p>", "time": "2023-01-11T17:18:34Z"}, {"author": "Alexander Clouter", "text": "<p>bootstrapping after you are already authenticated, so a post-bootstrapping</p>", "time": "2023-01-11T17:18:50Z"}, {"author": "Eliot Lear", "text": "<p>well.... there is identity information in both, but they are not METHODS and that's the issue.</p>", "time": "2023-01-11T17:20:18Z"}, {"author": "Eliot Lear", "text": "<p>they have no byproducts</p>", "time": "2023-01-11T17:20:28Z"}, {"author": "Heikki Vatiainen", "text": "<p>Just remembered about 5770: add a note that 64 octets need to be pulled from TLS-PRF even if only 32 first octets are needed?</p>", "time": "2023-01-11T17:20:59Z"}, {"author": "Eliot Lear", "text": "<p>and side effects COULD produce something, but that would be an asymmetric key op with an exchnaged nonce</p>", "time": "2023-01-11T17:21:04Z"}, {"author": "Alexander Clouter", "text": "<p>but do they occur only after an inner authentication (or resumed session)?</p>", "time": "2023-01-11T17:21:48Z"}, {"author": "Eliot Lear", "text": "<p>no, there needn't be an inner auth</p>", "time": "2023-01-11T17:22:27Z"}, {"author": "Eliot Lear", "text": "<p>only an outer auth</p>", "time": "2023-01-11T17:22:32Z"}, {"author": "Alexander Clouter", "text": "<p>not really my comfort zone as not had to rub up against those attributes in anger</p>", "time": "2023-01-11T17:24:13Z"}, {"author": "Alexander Clouter", "text": "<p>...or even at all</p>", "time": "2023-01-11T17:24:31Z"}, {"author": "Eliot Lear", "text": "<p>Nobody did until recently.  That's the problem</p>", "time": "2023-01-11T17:24:45Z"}, {"author": "Eliot Lear", "text": "<p>I'm soon to become a pumpkin</p>", "time": "2023-01-11T17:28:12Z"}, {"author": "Peter Yee", "text": "<p>I'll take over when you do, Eliot.</p>", "time": "2023-01-11T17:30:32Z"}, {"author": "Eliot Lear", "text": "<p>Ok, Peter, you're up!</p>", "time": "2023-01-11T17:33:10Z"}, {"author": "Eliot Lear", "text": "<p>Thanks, everyone!</p>", "time": "2023-01-11T17:33:17Z"}, {"author": "Peter Yee", "text": "<p>Thanks, Eliot.</p>", "time": "2023-01-11T17:33:26Z"}, {"author": "Alexander Clouter", "text": "<p>curious, are we raising hands, or just chipping in whenever</p>", "time": "2023-01-11T17:39:11Z"}, {"author": "Alan DeKok", "text": "<p>If no one has implemented PAC, then for me that's a string signal to remove it.</p>", "time": "2023-01-11T17:47:26Z"}, {"author": "Alan DeKok", "text": "<p>I've got nothing else for today</p>", "time": "2023-01-11T17:47:38Z"}, {"author": "Alan DeKok", "text": "<p>sounds good</p>", "time": "2023-01-11T17:48:45Z"}, {"author": "Alan DeKok", "text": "<p>thanks!</p>", "time": "2023-01-11T17:50:26Z"}, {"author": "Alan DeKok", "text": "<p>I'll be in Yokohama</p>", "time": "2023-01-11T17:50:43Z"}]