The following errata report has been submitted for RFC9190,
"EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3".
--
You may review the report below and at:
https://www.rfc-editor.org/errata/eid8094
--
Typ
Question for implementors:
To enable revocation checking in situations where EAP-TLS peers do
not implement or use OCSP stapling, and where network connectivity is
not available prior to authentication completion, EAP-TLS peer
implementations MUST also support checking for certif
This should be disregarded. RPK is a TLS certificate type. See the IANA
registry for TLS Certificate Types:
https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3.
Specifically, TLS Certificate Type value of 2 corresponds to RPK (raw
I would argue that you're still being inaccurate. That is the message
type. If you would rather, then you should specify that "both X509 and
RawPublicKey forms of CertificateType should be supported" (those are
the only two forms permitted). A raw public key is NOT a certificate.
Eliot
On
On Wed, Sep 4, 2024 at 1:11 PM Eliot Lear wrote:
> I would argue that you're still being inaccurate. That is the message
> type. If you would rather, then you should specify that "both X509 and
> RawPublicKey forms of CertificateType should be supported" (those are the
> only two forms permitte
On 04.09.2024 19:24, Paul Wouters wrote:
But a raw key is in SPKI format isn't it? I would call that X.509 as well?
Would you? I wouldn't.
Eliot
OpenPGP_0x87B66B46D9D27A33.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_
On Wed, Sep 4, 2024 at 1:26 PM Eliot Lear wrote:
>
> On 04.09.2024 19:24, Paul Wouters wrote:
>
> But a raw key is in SPKI format isn't it? I would call that X.509 as well?
>
> Would you? I wouldn't.
>
I might be biased as the author of RFC 7250, but it states:
This document introduces the
Hi,
As Eliot writes it would have been better to talk about CertificateType, but it
hard to see this as an RFC 9190 errata when RFC 8446 which RFC 9190 builds on
says:
“If the RawPublicKey certificate type was negotiated”.
I would strongly agree that RPK is not a certificate at all. The fact t
