It has been pointed out that an EAP-TLS certificate can contain multiple
subject or subjectAltName fields. To address this, I propose that we add the
following text to Section 5.2:

It is possible for more than one subjectAltName field to be present
in a peer or server certificate. Where more than one subjectAltName
field is present in a certificate, EAP-TLS implementations SHOULD
export all the subjectAltName fields within Peer-Ids or Server-Ids; all of
the exported Peer-Ids and Server-Ids are considered valid. Similarly, if
more than one subject field is present in a peer or server certificate, and no
subjectAltName field is present, then EAP-TLS implementations SHOULD export all
of the subject fields within Peer-Ids and Server-Ids; all of the exported
Peer-Ids and Server-Ids are considered valid.
_______________________________________________
Emu mailing list
https://www1.ietf.org/mailman/listinfo/emu
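
Added example, not part of the original message or of any EAP-TLS implementation: a Python sketch of the export rule proposed above, applied to a peer certificate. It assumes the multiple subjectAltName entries are the GeneralName items inside the certificate's subjectAltName extension (RFC 5280); read_tlv, san_entries, export_peer_ids and the sample bytes are hypothetical names and constructed data.

```python
# Added example; standard library only, sample data is constructed.
# GeneralName context tags (RFC 5280) whose value is an IA5String.
STRING_TAGS = {0x81: "rfc822Name", 0x82: "dNSName",
               0x86: "uniformResourceIdentifier"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV value overruns buffer")
    return tag, buf[pos:end], end

def san_entries(ext_value):
    """Decode a subjectAltName extension value into (type, text) pairs."""
    tag, body, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("subjectAltName is not a single SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag in STRING_TAGS:             # other name forms are skipped in this sketch
            out.append((STRING_TAGS[tag], value.decode("ascii")))
    return out

def export_peer_ids(san_ext_value, subject_fields):
    """Every subjectAltName entry if the extension is present, else every subject field."""
    if san_ext_value is None:              # no subjectAltName in the certificate
        return list(subject_fields)
    return [text for _, text in san_entries(san_ext_value)]

def general_name(tag, text):
    """Encode one short GeneralName; used only to build the sample below."""
    raw = text.encode("ascii")
    return bytes([tag, len(raw)]) + raw

# Constructed sample, not taken from a real certificate.
_names = general_name(0x81, "alice@example.org") + general_name(0x82, "host1.example.org")
SAMPLE_SAN = bytes([0x30, len(_names)]) + _names
```

A caller that authorizes on Peer-Id has to match against every returned value, since all of the exported identities are considered valid.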