Hi all, this draft mandates OCSCP stapling (for use with TLS 1.3 in EAP-TLS) and I believe this is a problem for implementations. This extra burden is IMHO unjustified. For the type of deployments where EAP is used there is no need for a mandatory certificate revocation checking with OCSP.
Having it optional, like the use of many other TLS extensions, is fine for me. FWIW even TLS 1.3, which is used in a more generic environment, does not mandate the use of OCSP stapling. This requirement will make the problem described in draft-ietf-emu-eaptlscert worse. I am sure the authors are aware of this fact since they are also co-authors of draft-ietf-emu-eaptlscert. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
