On Apr 12, 2021, at 3:54 AM, Eliot Lear <[email protected]> wrote:
> "EAP peers need to have some basis to decide which networks are authorized.
> A key signal for this purpose is the validation of the server certificate.
> To prevent use of the wrong server, the peer SHOULD have some means to select
> and update appropriate trust anchors. How this happens is beyond the scope
> of this memo."

Yes. Many existing systems won't allow users to select trust anchors. Many existing systems won't even "pin" trust anchors. If the root CA used by an EAP-TLS server changes, they might notify the user. Or they might just send over the new credentials. It's all really bad.

>> EAP TLS peer implementations MUST allow for configuration of a unique trust
>> root to validate the server's certificate.
>
> This statement seems independent of the previous one, and may be overly
> broad. Let me give you an example: a device may be designed only to operate
> as part of a federation.

I would argue there that the federation should have its own CA. I'm not sure what it means to have a federation where someone else controls who is a member of the federation.

Alan DeKok.
