>    A valid EAP-TLS client certificate SHOULD contain an extendedKeyUsage
>    value indicating support for Client Authentication
>    (1.3.6.1.5.5.7.3.2).  A valid EAP-TLS server certificate SHOULD
>    contain an extendedKeyUsage value indicating support for Server
>    Authentication (1.3.6.1.5.5.7.3.1).
>
[Joe] I think I remember that some protocols specify the presence of a specific EKU or the ANY EKU.

Any references I should look at? Other than RFC 3280, the only reference I could find is this:
http://www.drizzle.com/~aboba/CPW/Hardjono-IETF55-TLScertProfile.pdf

[Joe] I haven't looked at [He] in a while, but I thought that it wasn't
applications in general, but applications that use a protocol that
blindly signs arbitrary data. Perhaps this should be a bit clearer.

Yes, that was the issue.



_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
