This may be a stupid question, but I can’t find an explanation in the draft or
figure it out myself... If the intended application for this TLS extension is
network access, might it be simpler to define a new EAP method that used a
similar key exchange? That would avoid touching implementations

Hi Josh,
TLS-pok is a one-off. It's not for network access, it's to use a
trusted public key bootstrapped in any of the ways DPP has defined
to authenticate something like TEAP. TLS-pok authenticates the "outer"
TEAP tunnel and inside that tunnel a PKCS#10/PKCS#7 exchange happens
and the dev