On Mon, Apr 12, 2021 at 6:02 AM Eliot Lear <[email protected]> wrote:

> Hi Alan,
>
> On 12 Apr 2021, at 14:52, Alan DeKok <[email protected]> wrote:
>
> EAP TLS peer implementations MUST allow for configuration of a unique
> trust root to validate the server's certificate.
>
> This statement seems independent of the previous one, and may be overly
> broad. Let me give you an example: a device may be designed only to
> operate as part of a federation.
>
> I would argue there that the federation should have its own CA.
>
> That’s what I’m thinking. But I could imagine hardcoded devices that make
> use of it. That’s all.
>

[Joe] Relying on a burned-in certificate this way seems like a really bad idea. What happens when that certificate expires?

> Eliot
>
