How does a public CA prove ownership of an SSID?

From: Emu <emu-boun...@ietf.org>
Date: Tuesday, November 12, 2019 at 3:08 PM
To: Russ Housley <hous...@vigilsec.com>
Cc: emu@ietf.org <emu@ietf.org>
Subject: Re: [Emu] Idea: New X509 Extension for securing EAP-TLS
On Nov 12, 2019, at 11:43 AM, Russ Housley <hous...@vigilsec.com> wrote:
>
> Can the extended key usage for EAP over a LAN (id-kp-eapOverLAN) solve this
> for you?  It is defined in RFC 4334.  A certificate for Web PKI should not 
> include this extended key usage.
>
> RFC 4334 also offers a certificate extension that lists the SSIDs that are 
> associated with the server.

  That does sound relevant.  I wasn't even aware of that document.

  While RFC 4334 offers the id-kp-eapOverLAN OID, I'm not aware of anyone using 
it.  Even Microsoft supplicants still require the TLS web server auth OID 
(1.3.6.1.5.5.7.3.1).

  So yes, RFC 4334 is absolutely relevant here.

  Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu