Sam Hartman wrote: > ABFAB depends on proxies doing certain things. For example we depend on > a proxy near the acceptor > verifying the hostname of the acceptor. > > how does the EAP server know whether that has happened?
It doesn't. > I'm sort of imagining an attribute that the proxy includes indicating it > has performed some check and the policy applied to perform that check. > I'm not entirely sure what level of granularity is required. > I'm wondering if there are participants who would be interested in > working through details of this? I think it would be useful. Sharing information is a good idea. For simplicity, it would probably be best if there was no negotiation. i.e. the proxy just says "I did this". Any negotiation about which checks need to be done is probably an issue for contracts, lawyers, etc. Alan DeKok. _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
