+1. How does anyone even do OCSP without having first gotten onto the network?
Eliot > On 21 Oct 2020, at 11:02, Hannes Tschofenig <hannes.tschofe...@arm.com> wrote: > > Hi all, > > this draft mandates OCSCP stapling (for use with TLS 1.3 in EAP-TLS) and I > believe this is a problem for implementations. This extra burden is IMHO > unjustified. For the type of deployments where EAP is used there is no need > for a mandatory certificate revocation checking with OCSP. > > Having it optional, like the use of many other TLS extensions, is fine for > me. FWIW even TLS 1.3, which is used in a more generic environment, does not > mandate the use of OCSP stapling. > > This requirement will make the problem described in draft-ietf-emu-eaptlscert > worse. I am sure the authors are aware of this fact since they are also > co-authors of draft-ietf-emu-eaptlscert. > > Ciao > Hannes > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > _______________________________________________ > Emu mailing list > Emu@ietf.org <mailto:Emu@ietf.org> > https://www.ietf.org/mailman/listinfo/emu > <https://www.ietf.org/mailman/listinfo/emu>
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu