On Mon, 28 Aug 2023 at 21:20, Eliot Lear <l...@lear.ch> wrote: > First, section 3.11.1 states that authentication is needed before > provisioning, but C.11. does not show any authentication. Should the > diagram show phase 1 client certificate authentication or phase 2 tunnelled > authentication? Are both valid types of authentication as required by > section 3.1.1? > > C.11 assumes bi-directional certificate exchange OR POK. Perhaps that > should be stated. >
Thanks for this and the other clarifications. It's what I was expecting but I thought I'd check. I'll push a pull request to update the examples C.11. and C.13. (EAP-TLS like exchange) so that the both show client certificate. There's also an extra Intermediate-Result in C.13. -- Heikki Vatiainen h...@radiatorsoftware.com
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
