On Nov 10, 2019, at 11:16 AM, Russ Housley <[email protected]> wrote: > Thanks for the overview. It was very helpful.
Glad to help. > RFC 7586 define the NAIRealm as an otherName in the SubjectAltName of a > certificate. It seems that the NAIRealm name form works equally well, > regardless of the role that the certificate holder is performing in the > protocol. I agree. TBH, I like this proposal for securing EAP-TLS. It may take time to deploy, but adding more clarity to certificates is always useful. I'd be in favour of WG adoption of a document based on this. FWIW, a configuration file that creates certificates with the NAIRealm is located here: https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/certs/server.cnf Alan DeKok. _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
