On 12.11.19 00:15, Owen Friel (ofriel) wrote:
> One deployment consideration is if an operator wants to use a public PKI
> (e.g. Lets Encrypt) for their AAA certs, then it could be years, if ever,
> before these extensions could be supported (as Alan alludes to), so it would
> also be good to
On Nov 11, 2019, at 6:15 PM, Owen Friel (ofriel) wrote:
>
> This is also related to ongoing anima discussions about RFC 8366, and how it
> can bootstrap trust when the pinned domain cert is a public PKI CA, and not a
> private CA, and hence additional domain (or realm or FQDN) info is also
>
On Mon, Nov 11, 2019 at 11:41 AM Alan DeKok
wrote:
> On Nov 11, 2019, at 12:52 PM, Owen Friel (ofriel)
> wrote:
> >
> > [ofriel] Is the primary reason they MUST NOT be copied because of
> encoding differences? UTF-8 vs. TLS raw bytes?
>
> Yes. EAP Identities are UTF-8 encoded strings.
On Nov 11, 2019, at 12:52 PM, Owen Friel (ofriel) wrote:
>
> [ofriel] Is the primary reason they MUST NOT be copied because of encoding
> differences? UTF-8 vs. TLS raw bytes?
Yes. EAP Identities are UTF-8 encoded strings. Non-compliant identities
will likely result in the packet being
> -Original Message-
> From: Emu On Behalf Of Alan DeKok
> Sent: 08 November 2019 12:43
> To: Joseph Salowey
> Cc: EMU WG
> Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
>
> On Nov 7, 2019, at 11:08 PM, Joseph Salowey wrote:
> > [Joe] How about
> > "If an
> -Original Message-
> From: Alan DeKok
> Sent: 07 November 2019 17:48
> To: Owen Friel (ofriel)
> Cc: Joseph Salowey ; draft-ietf-emu-eap-tl...@ietf.org;
> John Mattsson ; Michael
> Richardson ; EMU WG
> Subject: Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13
>
> On Nov 7,
> -Original Message-
> From: Alan DeKok
> Sent: 07 November 2019 17:43
> To: Owen Friel (ofriel)
> Cc: Joseph Salowey ; draft-ietf-emu-eap-tl...@ietf.org;
> EMU WG ; John Mattsson
> ; Michael Richardson
>
> Subject: Re: EAP questions (RE: [Emu] POST WGLC Comments draft-ietf-emu-
>
Hi,
Thank you for your feedback.
I was unaware of RFC 7585. I had a brief look on it and it seems that
the certificate part could be used for the goal I try to achieve.
I'm not quite sure if the naiRealm should be used for validation on
supplicants for EAP-TLS. I would assume it would not be a