EAP-TLS with TLS 1.3

Stefan Winter stefan.winter at restena.lu
Wed Mar 14 16:41:12 CET 2018


Hi,

> I guess it’d also allow you to select different certificates depending on the CA list advertised by the server, as well as different certificates for crypto agility.

True! In RFC6614 I wrote that the CA indication is something that should
be honoured (it's useful if your server is in multiple consortia and
needs to have different certs) but since eduroam seems to be the only
large dynamic discovery + Radsec consortium, this was never urgent to
actually do. Which doesn't mean it shouldn't be done :-)

Stefan




-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
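
The selection discussed in this message, as an added example that is not part of the original post or of FreeRADIUS: it parses the body of a TLS 1.3 `certificate_authorities` extension (RFC 8446, section 4.2.4) and picks the first local certificate whose chain was issued by an advertised CA. The certificate labels, CA names and helper functions are constructed for illustration.

```python
import struct

def parse_certificate_authorities(ext: bytes) -> list:
    """Split the extension body into DER-encoded DistinguishedNames.
    Wire format: uint16 list length, then repeated (uint16 length, DN bytes)."""
    if len(ext) < 2 or struct.unpack_from("!H", ext)[0] != len(ext) - 2:
        raise ValueError("bad authorities list length")
    names, off = [], 2
    while off < len(ext):
        if off + 2 > len(ext):
            raise ValueError("truncated DistinguishedName length")
        (n,) = struct.unpack_from("!H", ext, off)
        off += 2
        if n == 0 or off + n > len(ext):
            raise ValueError("bad DistinguishedName length")
        names.append(ext[off:off + n])
        off += n
    if not names:
        raise ValueError("empty authorities list")
    return names

def select_client_cert(authorities, candidates):
    """candidates: ordered list of (label, [issuer DN of each cert in the chain]).
    authorities=None means the peer advertised no CA list: use the first candidate."""
    if authorities is None:
        return candidates[0][0] if candidates else None
    wanted = set(authorities)
    for label, chain_issuers in candidates:
        # Compare raw DER bytes so no DN string normalisation is involved.
        if any(issuer in wanted for issuer in chain_issuers):
            return label
    return None  # nothing matches; the caller decides what to send

def dn(cn: str) -> bytes:
    """Constructed helper: DER Name holding a single short ASCII CN attribute."""
    der = b"\x06\x03\x55\x04\x03\x0c" + bytes([len(cn)]) + cn.encode()
    for tag in (b"\x30", b"\x31", b"\x30"):  # AttributeTypeAndValue, RDN, Name
        der = tag + bytes([len(der)]) + der
    return der

def encode_authorities(names):
    """Constructed helper: build the extension body a peer would send."""
    body = b"".join(struct.pack("!H", len(n)) + n for n in names)
    return struct.pack("!H", len(body)) + body

# Constructed sample data: one certificate per consortium (hypothetical names).
ROOT_A, ROOT_B = dn("Consortium A Root"), dn("Consortium B Root")
CANDIDATES = [("cert-a.pem", [dn("Consortium A Issuing"), ROOT_A]),
              ("cert-b.pem", [ROOT_B])]
```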