Alan DeKok wrote:
> The simplest way to do this may be to require that any provisioning
> phase result in EAP Failure. The inner tunnel can return the
> credentials, crypto-binding TLV, and a Result TLV which indicates
> success. But the final outer EAP packet should be EAP Fa
I don't think this is a substantive change, because what Heikki is
raising is entirely a matter of server-side policy. I also am not sure
it's the right change. For one thing, if a server is willing to issue a
new certificate, that's likely a policy statement that everything is
AOK. For anot
On Wed, 2 Aug 2023, at 18:49, Eliot Lear wrote:
> Keep this in mind: end devices should be presumed to be pressed for
> resources, and anything requiring additional unnecessary authentications
> should be avoided in that case.
I could imagine a realtime video streaming device that during a repro
On Aug 2, 2023, at 1:49 PM, Eliot Lear wrote:
> I don't think this is a substantive change, because what Heikki is raising is
> entirely a matter of server-side policy. I also am not sure it's the right
> change. For one thing, if a server is willing to issue a new certificate,
> that's likel
