Joseph Salowey <j...@salowey.net> wrote:
>> I suggest:
>>
>> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate
>> recovation checks, MUST implement Certificate Status Requests using OCSP
>> stapling as specified in Section 4.4.2.1 of [RFC8446].
> [Joe] Thanks Michael, I think your suggestion is a better way to phrase
it
Just so that we are clear: this mandates OCSP+stapling for systems that do
revocation checks.
Systems that don't do revocation checks (current mbedtls), therefore don't
need to do OCSP or stapling.
--
Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
