Hi Alan, > On 12 Apr 2021, at 14:52, Alan DeKok <al...@deployingradius.com> wrote: > >>> >>> EAP TLS peer implementations MUST allow for configuration of a unique trust >>> root to validate the server's certificate. >> >> This statement seems independent of the previous one, and may be overly >> broad. Let me give you an example: a device may be designed only to operate >> as part of a federation. > > I would agure there that the federation should have it's own CA.
That’s what I’m thinking. But I could imagine hardcoded devices that make use of it. That’s all. Eliot
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
