Re: [Emu] BRSKI-TEAP vs regular connection (was Re: EAP questions ...)

2020-01-15 Thread Eliot Lear (elear)
Hi Michael, > > Owen, do we have a need to recognize that a device needs to perform > onboarding again after a movement? > > i.e. device A enrolls on network 1, gets an LDevID usable on network 1, > uses that with EAP-FOOBAR. > > device A then is moved to network 2, it tries to use same

Re: [Emu] BRSKI-TEAP vs regular connection (was Re: EAP questions ...)

2020-01-15 Thread Eliot Lear (elear)
> On 15 Jan 2020, at 16:10, Michael Richardson wrote: > > > Eliot Lear (elear) wrote: >>> Owen, do we have a need to recognize that a device needs to perform >>> onboarding again after a movement? >>> >>> i.e. device A enrolls on network

Re: [Emu] [lamps] EAP/EMU recommendations for client cert validation logic

2020-01-16 Thread Eliot Lear (elear)
On 8 Jan 2020, at 17:29, Ryan Sleevi mailto:ryan-i...@sleevi.com>> wrote: The CA must revoke if the certificate is misused; that's required by contract. The CA defines what misuse means. A number of CAs define misuse as "used for purposes other than TLS web server" Ergo, obtaining and using

Re: [Emu] [lamps] EAP/EMU recommendations for client cert validation logic

2020-01-08 Thread Eliot Lear (elear)
Hi Ryan, This topic seems like a good one to just get on the phone and sort through, but I have one question: On 8 Jan 2020, at 09:11, Ryan Sleevi mailto:ryan-i...@sleevi.com>> wrote: However, if using the same set or CAs that popular OSes use for TLS, it does mean that these CAs, and their

Re: [Emu] [lamps] EAP/EMU recommendations for client cert validation logic

2020-01-08 Thread Eliot Lear (elear)
, 2020 at 5:00 AM Eliot Lear (elear) mailto:el...@cisco.com>> wrote: Hi Ryan, This topic seems like a good one to just get on the phone and sort through, but I have one question: On 8 Jan 2020, at 09:11, Ryan Sleevi mailto:ryan-i...@sleevi.com>> wrote: However, if using the same set o