On Aug 20, 2023, at 5:15 AM, Alexander Clouter <alex+i...@coremem.com> wrote:
>
> On Fri, 18 Aug 2023, at 01:01, Michael Richardson wrote:
>> I'm not sure it's sane to use EAP-TLS for Inner method myself.
>
> If you mean in the general sense, I can imagine placing the user credential
> on a hardware key whilst the machine credential is either a regular software
> keychain or even more exotic and tied to the TPM.

Or both user and machine do EAP-TLS. Only one certificate can be sent over TLS in Phase 1. The other has to be sent in EAP-TLS in Phase 2.

But I do agree... TLS inside of TLS just seems bad.

Alan DeKok.