Looks fine to me. Any particular reason why we emphasize 4.2.2.1?

Thanks,

Joe

> -----Original Message-----
> From: Ryan Hurst [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, June 05, 2007 9:45 PM
> To: Bernard Aboba; [email protected]
> Subject: RE: [Emu] Issue: Validation of server certificates
> in Section 5.3 of RFC 2716bis
> 
> Yes, I noticed this recently too; I think that's a good addition.
>  
> Ryan
> 
> ________________________________
> 
> From: Bernard Aboba [mailto:[EMAIL PROTECTED]
> Sent: Tue 6/5/2007 9:41 PM
> To: [email protected]
> Subject: [Emu] Issue: Validation of server certificates in 
> Section 5.3 of RFC 2716bis
> 
> 
> I was looking at Section 5.3 in RFC 2716bis, and I noticed 
> that while RFC 3280 conformant path validation is recommended 
> for EAP-TLS servers, there is no such recommendation for 
> EAP-TLS peers.  This seems odd. 
> 
> For example, Section 5.3 states:
> 
>    Since the EAP-TLS server is typically connected to the Internet, it
>    SHOULD support validating the peer certificate using RFC 3280
>    [RFC3280] conformant path validation, including the ability to
>    retrieve intermediate certificates that may be necessary to validate
>    the peer certificate. For details, see [RFC3280] Section 4.2.2.1.
> 
> There is no equivalent statement for EAP-TLS peers. 
> 
> I would propose to insert the following sentence in Section 5.3:
> 
>    The EAP-TLS peer SHOULD support validating
>    the server certificate using RFC 3280 [RFC3280] conformant path
>    validation.
> 
> 
> 

_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
