Re: [Emu] EAP/EMU recommendations for client cert validation logic

2019-12-17 Thread Alan DeKok
On Dec 17, 2019, at 1:51 PM, Michael Richardson wrote:
> } If at some point in the future, there is one or more well-known trust
> } anchors that (IoT?) devices can build in, and these CAs are willing to issue
> } certs with some or all of the above fields, can we design a transition
> } process f

Re: [Emu] EAP/EMU recommendations for client cert validation logic

2019-12-17 Thread Michael Richardson
Owen Friel (ofriel) wrote:
> “Background:
> a) the current practice in TLS-based EAP methods is to use certificates with
> "id-kp-serverAuth" OID set for Extended Key Usage.
> b) many supplicants check for this OID, and refuse to perform authentication
> if it is missing

[Emu] EAP/EMU recommendations for client cert validation logic

2019-12-15 Thread Owen Friel (ofriel)
Hi, At ACME meeting at IETF106, the last discussion of the week was around EMU looking for recommendations for EAP client/peer/supplicant cert verification logic when the client is verifying the cert that the EAP server presents. Minutes here: https://datatracker.ietf.org/doc/minutes-106-acme/