How does a public CA prove ownership of an SSID?
From: Emu
Date: Tuesday, November 12, 2019 at 3:08 PM
To: Russ Housley
Cc: emu@ietf.org
Subject: Re: [Emu] Idea: New X509 Extension for securing EAP-TLS
On Nov 12, 2019, at 11:43 AM, Russ Housley wrote:
>
> Can the extended key usage for EAP ove
Tim
From: Alan DeKok
Sent: Tuesday, November 12, 2019 18:40
To: Cappalli, Tim (Aruba)
Cc: Russ Housley; emu@ietf.org
Subject: Re: [Emu] Idea: New X509 Extension for securing EAP-TLS
On Nov 12, 2019, at 3:13 PM, Cappalli, Tim (Aruba) wrote:
>
> How does
So again, if NAIRealm is not bound to an organization’s public domain name, how
does a public CA prove ownership of an NAIRealm? How is this different than
ESSID?
I don’t see how this improves assurance of a server identity.
tim
From: Emu
Date: Monday, November 18, 2019 at 9:18 AM
To: EMU WG
If the goal is not to improve identity assurance of an EAP server then what is
this best practice change actually for?
From: Alan DeKok
Date: Monday, November 18, 2019 at 10:34 AM
To: Cappalli, Tim (Aruba)
Cc: EMU WG
Subject: Re: [Emu] Best practices for supplicants and authenticators
configuration, that
doesn’t change the requirement to manually configure the supplicant. So what
are we actually trying to improve here?
From: Alan DeKok
Date: Monday, November 18, 2019 at 10:43 AM
To: Cappalli, Tim (Aruba)
Cc: EMU WG
Subject: Re: [Emu] Best practices for supplicants and
So you’re saying an NAIRealm must be a publicly registered domain name? I
agree, but just want to be crystal clear.
tim
From: Alan DeKok
Date: Monday, November 18, 2019 at 10:57 AM
To: Cappalli, Tim (Aruba)
Cc: EMU WG
Subject: Re: [Emu] Best practices for supplicants and authenticators
Making it mandatory to use an anonymous NAI will be a huge issue in enterprise
where the infrastructure, device and enterprise identity is owned by the
enterprise. There is no proxy or third party provider.
Seeing "anonym...@enterprise.com" across all network infrastructure is not
going to be a
I think mandatory support and use of stapling is a great idea. There have been
so many changes across platforms the past few years w.r.t. status checks during
an EAP exchange which has caused significant admin and end user headache. This
solves that by making it consistent while adding the secur
NAS would honor it.
tim
On 11/14/18, 8:38 AM, "Alan DeKok" wrote:
On Nov 14, 2018, at 8:16 AM, Cappalli, Tim (Aruba Security)
wrote:
>
> Making it mandatory to use an anonymous NAI will be a huge issue in
enterprise where the infrastructure, device and enter
Agree 100% Alan. Now is the time to fix this.
-Original Message-
From: Emu on behalf of Alan DeKok
Date: Wednesday, February 20, 2019 at 9:03 AM
To: John Mattsson
Cc: "emu@ietf.org"
Subject: Re: [Emu] Notes on session resumption with TLS-based EAP methods
> On Feb 20, 2019, at 8:53
10 matches
Mail list logo
