It seems that most of the issues brought up in last call are resolved or nearly resolved in draft-simon-emu-rfc2716bis-06.txt. The one area where we need more discussion is section 5.2 on certificate usage. Below are the remaining open issues I have tracked with this section; please indicate if there are others with this section or other sections that I have missed.

1. Use of TLS-WWW EKU

The question was raised that the TLS WWW EKU may not be appropriate for EAP-TLS. The suggestion was made to remove the text on EKU. Are members of the working group in favor of removing this text?

2. Discussion of naming

This section recommends "Where the subjectAltName field is present, the Peer-Id or Server-Id is set to the contents of the subjectAltName. If subject naming information is present only in the subject field, then the Peer-Id or Server-Id is set to the Distinguished Name (DN)." It is possible that more than one subjectAltName may be present in a certificate. Are there any rules as to how this is represented as a Peer name? Also would it be more consistent to use the DN unless it is empty?

3. Discussion of authorization

The later part of this section seems to discuss authorization. A suggestion for revised text was made in http://www1.ietf.org/mail-archive/web/emu/current/msg00309.html. Does the suggested text convey the necessary information?
