There has been a lot of discussion on this thread, but I do not see anything actionable for the EAP-TLS 1.3 specification.
Joe On Wed, Jan 8, 2020 at 12:48 PM Alan DeKok <al...@deployingradius.com> wrote: > On Jan 8, 2020, at 3:00 PM, Michael Richardson <mcr+i...@sandelman.ca> > wrote: > > > > > > Alan DeKok <al...@deployingradius.com> wrote: > > alan> Many people use private CAs. Many use public CAs. *All* of > them > > alan> use id-kp-serverAuth. Common EAP supplicants (MS / Apple / > etc.) > > alan> ship with known root CAs. These root CAs are trusted by default > > alan> for web browsing. None are trusted by default for EAP. > > > > How can anyone be using public CAs for EAP, if none are trusted for EAP, > and no > > public CAs issue certificates with id-kp-serverAuth? > > Every CA is manually enabled. > > Either by an end user, or by / on behalf of, an administrator. > > The goal I'd like to reach is some method to allow supplicants to > automatically trust and enable certificates for EAP. > > Alan DeKok. > > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu >
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu