On Jan 8, 2020, at 3:00 PM, Michael Richardson <mcr+i...@sandelman.ca> wrote:
> 
> 
> Alan DeKok <al...@deployingradius.com> wrote:
>    alan> Many people use private CAs.  Many use public CAs.  *All* of them
>    alan> use id-kp-serverAuth.  Common EAP supplicants (MS / Apple / etc.)
>    alan> ship with known root CAs.  These root CAs are trusted by default
>    alan> for web browsing.  None are trusted by default for EAP.
> 
> How can anyone be using public CAs for EAP, if none are trusted for EAP, and
> no public CAs issue certificates with id-kp-serverAuth?

  Every CA is manually enabled.

  Either by an end user, or by / on behalf of, an administrator.

  The goal I'd like to reach is some method to allow supplicants to 
automatically trust and enable certificates for EAP.

  Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
