By certificate-based ciphersuites, do you mean TLS_RSA_WITH_* ciphersuites from RFC 2246 specifically, or any ciphersuite that uses any kind of certificates?
Any ciphersuite supporting client certificate authentication would be ok.
(To me it looks like many of these arguments would also suggest defining a separate EAP type code for e.g. ECC certificates based on the RFC 4492 ciphersuites. I don't think that would be a good idea...)
I'd agree. It isn't necessary to have a new EAP method for each ciphersuite.
_______________________________________________ Emu mailing list Emu@ietf.org https://www1.ietf.org/mailman/listinfo/emu