Re: [Emu] [lamps] EAP/EMU recommendations for client cert validation logic

Michael Richardson Wed, 08 Jan 2020 12:01:06 -0800

Alan DeKok <al...@deployingradius.com> wrote:
    alan> Many people use private CAs.  Many use public CAs.  *All* of them
    alan> use id-kp-serverAuth.  Common EAP supplicants (MS / Apple / etc.)
    alan> ship with known root CAs.  These root CAs are trusted by default
    alan> for web browsing.  None are trusted by default for EAP.


How can anyone be using public CAs for EAP, if none are trusted for EAP, and no
public CAs issue certificates with id-kp-serverAuth?


--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

signature.asc
Description: PGP signature

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Re: [Emu] [lamps] EAP/EMU recommendations for client cert validation logic

Reply via email to