Regardless of validation levels, it is not possible to own an ESSID. It is possible, however, to own a domain, email address, physical address, etc. That's the difference.
Putting an ESSID in a certificate is a slippery slope. I doubt any public CA or OS vendor would ever entertain this. Tim ________________________________ From: Alan DeKok <[email protected]> Sent: Tuesday, November 12, 2019 18:40 To: Cappalli, Tim (Aruba) Cc: Russ Housley; [email protected] Subject: Re: [Emu] Idea: New X509 Extension for securing EAP-TLS On Nov 12, 2019, at 3:13 PM, Cappalli, Tim (Aruba) <[email protected]> wrote: > > How does a public CA prove ownership of an SSID? Do public CAs *always* verify addresses and/or telephone numbers, which are normally included in certificates? Do public CAs verify that email addresses in the certificate work? Do public CAs verify that the OIDs in the certificate match the intended use-cases? Is there a global registry of SSIDs which the public CA could use to verify the SSID? To put it another way, I'm not sure why this question is being posed. Alan DeKok.
_______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
