Yes, I noticed this recently too; I think that's a good addition.

Ryan

________________________________
From: Bernard Aboba [mailto:[EMAIL PROTECTED]
Sent: Tue 6/5/2007 9:41 PM
To: [email protected]
Subject: [Emu] Issue: Validation of server certificates in Section 5.3 of RFC 2716bis

I was looking at Section 5.3 in RFC 2716bis, and I noticed that while RFC 3280 conformant path validation is recommended for EAP-TLS servers, there is no such recommendation for EAP-TLS peers. This seems odd.

For example, Section 5.3 states:

   Since the EAP-TLS server is typically connected to the Internet, it
   SHOULD support validating the peer certificate using RFC 3280
   [RFC3280] conformant path validation, including the ability to
   retrieve intermediate certificates that may be necessary to validate
   the peer certificate. For details, see [RFC3280] Section 4.2.2.1.

There is no equivalent statement for EAP-TLS peers. I would propose to insert the following sentence in Section 5.3:

   The EAP-TLS peer SHOULD support validating the server certificate
   using RFC 3280 [RFC3280] conformant path validation.

_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
