Just a thought of having both belt and suspenders: the draft says that use of eap.arpa realm triggers a variant of EAP-TLS where the client certificate is not used. Should this variant of EAP-TLS have its own EAP type?
Client certificate authentication is a core feature of EAP-TLS. A separate EAP type would make it clear this is not a typical EAP-TLS authentication. When thinking systems other than EAP-TLS-anon clients and servers, would those benefit from seeing a separate EAP type? The Wi-Fi Alliance and hostapd specifications and implementations, discussed earlier on the list, appear to use an EAP type that is different from EAP-TLS type. -- Heikki Vatiainen [email protected]
_______________________________________________ Emu mailing list -- [email protected] To unsubscribe send an email to [email protected]
