On May 15, 2021, at 8:21 PM, Joseph Salowey <[email protected]> wrote:
> I proposed a PR#72 based on this suggestion. The resulting text for the
> section is below. Please review to see if it is OK.

It looks good, subject to minor comments.

> The EAP peer identity provided in the EAP-Response/Identity is not
> authenticated by EAP-TLS. Unauthenticated information SHALL NOT be

This is just a personal preference, but "MUST NOT" is clearer to me than
SHALL NOT. It's also more used, IIRC.

> The EAP server identity in the TLS server certificate is typically a
> fully qualified domain name (FQDN). EAP peer implementations SHOULD
> allow users to configure a unique trust root (CA certificate) and a
> server name to authenticate the server certificate and match the

The later text discusses multiple names, so perhaps instead:

  ... and one or more server names ...

Alan DeKok.