TLS Inner Application?

Simon Josefsson simon at
Wed Feb 9 19:55:38 CET 2011

Jouni Malinen <jkmalinen at> writes:

> On Wed, Feb 9, 2011 at 1:28 PM, Nikos Mavrogiannopoulos <nmav at> wrote:
>> Currently I have removed the TLS/IA implementation from what is to become
>> 3.0.0 release, on the basis that the protocol itself is not published (and there
>> is no indication that somebody plans to do it). Would submitting EAP-TTLSv1
>> to that process mean that somebody would revive the TLS/IA draft, or could
>> they even modifying the method completely to avoid TLS/IA?
>> (is there anyone to contact about that?)
> If someone were to want to push for EAP-TTLSv1 to be used, then yes,
> TLS/IA would probably need to be revived, too. Both of these internet
> drafts expired years ago and I have not heard of much activity behind
> them since then. The design could be changed completely, too, but I'm
> not sure whether TTLSv1 would be the best starting point if that is
> the goal. Anyway, I would hope that we will know quite a bit more
> later this year. The IETF emu working group is the most likely place
> where activity on this area would happen.
>> In any case the version to be released (2.12.x) will have this functionality
>> available but marked as deprecated. If the protocol revives I'll add the
>> functionality back to the development branch as well.
> OK. I will probably remove the preliminary EAP-TTLSv1 implementation
> from hostapd/wpa_supplicant later this year once the emu process gets
> a bit further (obviously assuming that it does not move towards
> TTLSv1).

Thanks for update -- based on this I think we are right to remove the
implementation for GnuTLS 3.0.  TLS/IA will still be available on older
releases (and even in the next stable release) and if there is ever more
interest in it, I'm sure we can revive the patches.  It sounds as if
TLS/IA is not going to look the same if it ever reaches RFC status.


More information about the Gnutls-devel mailing list