Yes, they do, which is why I brought it up.
It is becoming even more common with Passpoint becoming the preferred
deployment model.
From: Alan DeKok
Date: Tuesday, August 3, 2021 at 11:35
To: Tim Cappalli
Cc: emu@ietf.org
Subject: Re: [Emu] Identities and draft-ietf-emu-tls-eap-types-03
>
> On Aug 3, 2021, at 11:15 AM, Tim Cappalli wrote:
>
> An EAP identities only apply to 802.1X, so yes.
What I meant is to ask if sites really do use multiple different realms with
EAP, and do so with cloud providers.
As I said, I haven't seen this use-case, and I haven't anyone discuss
An EAP identities only apply to 802.1X, so yes. Supplicants are not designed to
be configured by end users. How this data gets configured is irrelevant to the
conversation.
tim
From: Alan DeKok
Date: Tuesday, August 3, 2021 at 10:50
To: Tim Cappalli
Cc: emu@ietf.org
Subject: Re: [Emu]
On Aug 3, 2021, at 10:01 AM, Tim Cappalli wrote:
> I fail to understand why this is "a terrible idea". Many organizations,
> including EDUs have multiple TLDs that are used for sign-in. Cloud IdPs
> require a fully qualified username.
Sure. It's good to see the NAI recommendations of RFC
I fail to understand why this is "a terrible idea". Many organizations,
including EDUs have multiple TLDs that are used for sign-in. Cloud IdPs require
a fully qualified username.
I don't think there should be any text on this topic.
From: Alan DeKok
Date: Tuesday, August 3, 2021 at 08:20
To:
On Aug 2, 2021, at 4:32 PM, Tim Cappalli wrote:
>
> >> However, if the outer realm is "@example.com", then the inner realm cannot
> >> be "usern...@example.org".
>
> I disagree with this requirement. Many organizations have multiple domains
> used for fully qualified usernames but for routing
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the EAP Method Update WG of the IETF.
Title : Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3)
Authors : John Preuß Mattsson
Mohit