On 2019-11-13 4:07 a.m., Alan DeKok wrote:
> On Nov 12, 2019, at 11:43 AM, Russ Housley <hous...@vigilsec.com> wrote:
>> Can the extended key usage for EAP over a LAN ( id-kp-eapOverLAN ) solve
>> this for you? It is defined in RFC 4334. A certificate for Web PKI should
>> not include this extended key usage.
>>
>> RFC 4334 also offers a certificate extension that lists the SSIDs that are
>> associated with the server.
> That does sound relevant. I wasn't even aware of that document.
>
> While RFC 4334 offers the id-kp-eapOverLAN OID, I'm not aware of anyone
> using it. Even Microsoft supplicants still require the TLS web server auth
> OID (1.3.6.1.5.5.7.3.1).

I think that the issue isn't whether we can find or define an OID that has the
right semantics.

I think that the issue is whether or not any public CAs are willing to
include that in a certificate.