On Thu, 19 Mar 2026, at 10:20, Eliot Lear wrote:
>
> My only question is whether this is really something that should be a
> short separate draft that updates EAP itself.

I think this always comes back to who is going to implement this in a supplicant. Android may be 'straightforward' but getting Microsoft and Apple onboard, I have no idea how to do that.

We might be able to retrofit this EAP-TLS as if we force the L(ength) attribute, commandeer a reserved bit to state Outer TLVs are present and slip on some (unsecured) Outer TLVs. A bad actor could push that down to 200ish bytes which means a 5x increase in round trips though maybe this is not the end of the world.

Easier may be to add this to EAP-TTLS and PEAP as there are inner attributes we should be able to add and existing implementations hopefully would ignore.

My thoughts, I suspect the "fix fragments at the source" EAP ship has sailed.

On a related note, Mark Donnelly and I are working (read as "barely started") on tweaks to hostapd and FreeRADIUS to 'repack' EAP-TLS/TTLS/PEAP/... fragments to split a single EAP message over multiple RADIUS requests. Hopefully that leads to an informational draft.

Cheers
