Regardless of validation levels, it is not possible to own an ESSID. It is possible, however, to own a domain, email address, physical address, etc. That's the difference.
Putting an ESSID in a certificate is a slippery slope. I doubt any public CA or OS vendor would ever entertain this. Tim ________________________________ From: Alan DeKok <al...@deployingradius.com> Sent: Tuesday, November 12, 2019 18:40 To: Cappalli, Tim (Aruba) Cc: Russ Housley; emu@ietf.org Subject: Re: [Emu] Idea: New X509 Extension for securing EAP-TLS On Nov 12, 2019, at 3:13 PM, Cappalli, Tim (Aruba) <t...@hpe.com> wrote: > > How does a public CA prove ownership of an SSID? Do public CAs *always* verify addresses and/or telephone numbers, which are normally included in certificates? Do public CAs verify that email addresses in the certificate work? Do public CAs verify that the OIDs in the certificate match the intended use-cases? Is there a global registry of SSIDs which the public CA could use to verify the SSID? To put it another way, I'm not sure why this question is being posed. Alan DeKok.
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu