On Oct 24, 2023, at 8:56 AM, josh.howl...@gmail.com wrote: > To be clear, what I mean is whether there is another IETF protocol that > *mandates* the use of WebPKI?
All of them. Not explicitly, but implicitly. I think the way out here is to not mandate the use of WebPKI. Instead, we can just say that the EAP certificate should be issues by the same (or equivalent CA) to the one which was used to provision the initial FIDO credentials. In practice, this means WebPKI most of the time. :) Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu