I was looking at Section 5.3 in RFC 2716bis, and I noticed that while RFC 3280
conformant path validation is recommended for EAP-TLS servers, there is no such
recommendation for EAP-TLS peers. This seems odd. For example, Section 5.3
states:

   Since the EAP-TLS server is typically connected to the Internet, it
   SHOULD support validating the peer certificate using RFC 3280 [RFC3280]
   conformant path validation, including the ability to retrieve intermediate
   certificates that may be necessary to validate the peer certificate. For
   details, see [RFC3280] Section 4.2.2.1.

There is no equivalent statement for EAP-TLS peers. I would propose to insert
the following sentence in Section 5.3:

   The EAP-TLS peer SHOULD support validating the server certificate
   using RFC 3280 [RFC3280] conformant path validation.
_______________________________________________
Emu mailing list
https://www1.ietf.org/mailman/listinfo/emu