Re: [Emu] Open issues with draft-simon-emu-rfc2716bis-06.txt




What about RFC 4334?

As far as I know, no EAP-TLS implementation supports RFC 4334 and I don't think we should be encouraging implementers to support it.


The OIDs defined in RFC 4334 do not correspond to values of the NAS-Port-Type attribute, so the backend authentication server certificate handling code would need to be updated every time a new value were to be assigned; the AAA server can't just check that the NAS-Port-Type attribute includes a value that matches one of the OIDs in the client certificate. Similarly, client code would need to be updated every time a new EAP lower layer was defined, since the client would need to check if the server certificate contained an OID allowing it to be used to authorize a given EAP lower layer.

As a result, I think that RFC 4334 compromises the ability of EAP-TLS to run over any suitable lower layer without code changes.



_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu



