On Fri, 18 Aug 2023 at 19:57, Alan DeKok <al...@deployingradius.com> wrote:
> On Aug 18, 2023, at 12:47 PM, Heikki Vatiainen <h...@radiatorsoftware.com>
> wrote:
> > Should it be noted that this provisioning method is only available
> > with TLS 1.2 and earlier because the method requires anonymous
> > ciphersuites? It confirms to the reader that this is the intended
> > case.
>
> How about this:
>
> Note that server unauthenticated provisioning can only use anonymous
> cipher suites in TLS 1.2 and earlier. These cipher suites have been
> deprecated in TLS 1.3 ({{RFC8446}} Section C.2). For TLS 1.3, the
> server MUST provide a certificate, and the peer performs server
> unauthenticated provisioning by not validating the certificate chain
> or any of its contents.
>
>
> The last sentence is suggested by the RFC8446 Section C.2

Good find, looks good. Small fix, though. It's section C.5, not C.2.

--
Heikki Vatiainen
h...@radiatorsoftware.com
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu