On Fri, 18 Aug 2023, at 01:01, Michael Richardson wrote: > I'm not sure it's sane to use EAP-TLS for Inner method myself.
If you mean in the general sense, I can imagine placing the user credential on a hardware key whilst the machine credential is either a regular software keychain or even more exotic and tied to the TPM. Policy could then be around machine credential dictating if the device is even allowed to connect and how (link allowed) whilst the actual type of access granted (routes, firewalling, ...) is determined by the user credential. Cheers _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
