I think this is a good clarification.

-----Original Message-----
From: Bernard Aboba [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 06, 2007 2:21 PM
To: emu@ietf.org
Subject: RE: [Emu] Proposed Resolution to multiple Peer-Id/Server-Id Issue

Also, it has been pointed out that the purpose of the Peer-Id/Server-Id may not be fully explained, so that the following sentence may also need to be added to Section 5.2:

"Together the Peer-Id and Server-Id name the entities involved in deriving the MSK/EMSK."

________________________________
> From: [EMAIL PROTECTED]
> To: emu@ietf.org
> Date: Tue, 5 Jun 2007 22:04:56 -0700
> Subject: [Emu] Proposed Resolution to multiple Peer-Id/Server-Id Issue
>
> It has been pointed out that an EAP-TLS certificate can contain multiple subject or subjectAltName fields.
>
> To address this, I propose that we add the following text to Section 5.2:
>
> It is possible for more than one subjectAltName field to be present
> in a peer or server certificate. Where more than one subjectAltName
> field is present in a certificate, EAP-TLS implementations SHOULD
> export all the subjectAltName fields within Peer-Ids or
> Server-Ids; all of the exported Peer-Ids and
> Server-Ids are considered valid.
>
> Similarly, if more than one subject field is present in a peer or
> server certificate, and no subjectAltName field is present, then
> EAP-TLS implementations SHOULD export all of the subject fields
> within Peer-Ids and Server-Ids; all of the exported Peer-Ids and
> Server-Ids are considered valid.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu
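
The export rule proposed in the thread above, sketched as an added example that is not part of any message in the thread or of any EAP-TLS implementation. It assumes certificates already parsed into the dict layout returned by Python's ssl.SSLSocket.getpeercert(); the "type:value" and "name=value" string forms, the function names and the sample certificates are constructed for illustration, and since that layout carries a single subject name, the fallback yields one identity.

```python
# Constructed sample certificates in the ssl.SSLSocket.getpeercert() dict layout.
CERT_MULTI_SAN = {
    "subject": ((("commonName", "alice"),),),
    "subjectAltName": (("email", "alice@example.org"),
                       ("DNS", "laptop.example.org")),
}
CERT_SUBJECT_ONLY = {
    "subject": ((("commonName", "alice"),),
                (("organizationName", "Example Org"),)),
}


def format_subject(subject):
    """Render the subject RDN sequence as one string (illustrative format)."""
    return ",".join(f"{name}={value}" for rdn in subject for name, value in rdn)


def export_ids(cert):
    """Return the identities to export as Peer-Ids or Server-Ids."""
    # Every subjectAltName entry is exported, not just the first one.
    sans = [f"{kind}:{value}" for kind, value in cert.get("subjectAltName", ())]
    if sans:
        return sans
    # The subject is used only when no subjectAltName is present at all.
    subject = cert.get("subject", ())
    return [format_subject(subject)] if subject else []


def names_entity(cert, candidate_id):
    """All exported identities are valid, so any one of them may match."""
    return candidate_id in export_ids(cert)


if __name__ == "__main__":
    for label, cert in (("multi-SAN", CERT_MULTI_SAN),
                        ("subject-only", CERT_SUBJECT_ONLY)):
        print(label, export_ids(cert))
```

A consumer that compared only the first exported identity would fail to recognize the second subjectAltName entry of the first sample certificate, which is the case the proposed text addresses.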