ABFAB depends on proxies doing certain things. For example we depend on a proxy near the acceptor verifying the hostname of the acceptor.
how does the EAP server know whether that has happened? This message is not about malicious actors:safety pup says don't stick malicious parties in your trust path. We'll be discussing trust a lot in the architecture document and in some presentations we hope to give in Prague. However even when you discard malice, there are a lot of ways things can go wrong. A proxy might not be upgraded to support ABFAB-specific processing. Configuration might be set incorrectly. A proxy might not have some data source it needs. I think it would be desirable to have some way to do this. I'm sort of imagining an attribute that the proxy includes indicating it has performed some check and the policy applied to perform that check. I'm not entirely sure what level of granularity is required. I'm wondering if there are participants who would be interested in working through details of this? --Sam _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
