With a very quick skim, it appears that you are trying to do the same thing as RFC 7585.
Russ > On Nov 9, 2019, at 12:33 PM, Jan-Frederik Rieckers <rieck...@uni-bremen.de> > wrote: > > Signed PGP part > Hi to all, > > I have submitted a draft for a new X509v3 extension to improve security > in EAP environments by including information which is implicitly defined > by the communication context in the certificate . > This is done e.g. by including the Realm of the username in the > certificate, to give clients the opportunity to decide if the > certificate can be trusted apart from (user-set) configuration. > > https://datatracker.ietf.org/doc/draft-rieckers-eapparameterextension/ > > This is a very early working state. I would be happy to get feedback if > this is useful and the draft goes into the right direction. > > If people are interested I would prepare a short presentation about > deployment experiences in the eduroam at the University Bremen, > which have lead to this draft, together with the basic idea how to solve > these problems. > > Probably this draft is not one which can or will be adopted by the EMU > working group, but I think this is the right group of people for a first > feedback. > > Kind regards > > Jan-Frederik Rieckers > > > _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
