> > So I see this as two new methods:
> >
> > 1) tunnelled FIDO - for use in TTLS, PEAP, or other TLS-based EAP methods.
> >
> > 2) TLS-based method with tunnelled FIDO - it can make new / stronger
> > requirements on CA validation, server identity, etc.
>
> So (2) would be the moral equivalent of (1) inside an existing tunnelled
> method where WebPKI is mandated for server cert validation?
>
> I have worked with organisations who run AD Certificate Services for the sole
> purpose of issuing a single server certificate for their NPS cluster, so I am very
> much in favour of making server certificate validation simpler.
> However, I think we need to be very circumspect about out-sourcing that to
> the WebPKI. Is there another IETF protocol that does this?

To be clear, what I mean is whether there is another IETF protocol that *mandates* the use of WebPKI?

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu