Re: [Emu] Open issues with draft-simon-emu-rfc2716bis-06.txt
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Emu] Open issues with draft-simon-emu-rfc2716bis-06.txt
Bernard Aboba wrote:
How about including:
"Some deployments may require the presence of client and server
authentication extended key usage extensions in certificates. Client
implementations wishing to interoperate in these environments SHOULD
check the server's certificate for an Extended Key Usage field
implementations id-kp-serverAuth (1.3.6.1.5.5.7.3.1) or the special
keyPurposeID anyExtendedKeyUsage. Server implementations wishing to
interoperate in this environment SHOULD check the client's certificate
for an Extended Key Usage field containing id-kp-clientAuth
(1.3.6.1.5.5.7.3.2) or the special keyPurposeID anyExtendedKeyUsage.
Note that these key usage extension identifiers for server and client
authentication are somewhat generic and may not be sufficient to
authorize an entity's role specifically as an EAP-TLS client or server."
Looks good.
What about RFC 4334?
--
t. charles clancy, ph.d. <> tcc at umd.edu <> www.cs.umd.edu/~clancy
_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
