I think I'm OK without any modifications. Thanks. > On Apr 9, 2025, at 6:07 PM, Joseph Salowey <j...@salowey.net> wrote: > [Joe] We have an item from the last charter revision: > > "While TLS-based EAP mechanisms provide strong channel protections, if the > client does not authenticate and validate the server's credentials properly > (possibly owing to a lack of provisioned information necessary to undertake > that validation), an EAP mechanism running over TLS that relies on passwords > is vulnerable to client credential theft, much the same as password > authentication over plain TLS is. The FIDO Alliance and the W3C have > developed a passwordless authentication scheme known as FIDO2, which combines > elements of the W3C's WebAuthn and FIDO's CTAP standards. The group will > devise an EAP method suitable for use with passwordless authentication > schemes such as the CTAP2 version of FIDO2." > > We could make some modifications to this if necessary. We also have some > items for provisioning. > > Alan DeKok. >
_______________________________________________ Emu mailing list -- emu@ietf.org To unsubscribe send an email to emu-le...@ietf.org
