Re: [Emu] Best practices for supplicants and authenticators

Jan-Frederik Rieckers <rieckers@uni-bremen.de> Mon, 18 November 2019 15:30 UTC

To: emu@ietf.org
References: <526166D8-80B9-4356-84D9-52ACD49E004B@deployingradius.com> <AT5PR8401MB0530EEE33628E2DB3098C1E6DB4D0@AT5PR8401MB0530.NAMPRD84.PROD.OUTLOOK.COM>
From: Jan-Frederik Rieckers <rieckers@uni-bremen.de>
Message-ID: <82f03924-5099-4818-2d9e-15212b469b95@uni-bremen.de>
Date: Mon, 18 Nov 2019 16:29:53 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/uwllMx6GSfG6P9Yz3AjJZo2H-yE>
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>

On 18.11.19 16:22, Cappalli, Tim (Aruba) wrote:
> So again, if NAIRealm is not bound to an organization’s public domain
> name, how does a public CA prove ownership of an NAIRealm? How is this
> different than ESSID?

It need not be a public domain name, but it can be.

Speaking of eduroam, this is usually the case, and it is also used for
roaming (see RFC 7585, the NAPTR DNS record).
And if it is, it can be validated by a CA.

  Janfred
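The point in the mail above is that once a realm is a DNS domain, two things bind it to a RADIUS/TLS server: the realm's NAPTR record (RFC 7585 dynamic discovery) names the server, and the server certificate carries the realm in an NAIRealm subjectAltName, which a CA can validate because the realm owner controls that DNS name. The following is an added illustration of that chain, not code from this thread, from eduroam, or from any IETF implementation. The NAPTR zone data and the certificate's NAIRealm values are constructed inline instead of being fetched, so it runs offline; the leftmost-label wildcard handling in `nai_realm_matches` is my reading of RFC 7585 section 2.2 and should be checked against the RFC before being relied on.

```python
"""RFC 7585-style discovery of a realm's RADIUS/TLS server plus the
NAIRealm certificate check, worked on constructed data (added example)."""
from dataclasses import dataclass

# Service tags RFC 7585 defines for the NAPTR lookup.
RADIUS_TLS = "aaa+auth:radius.tls.tcp"
RADIUS_DTLS = "aaa+auth:radius.dtls.udp"


@dataclass(frozen=True)
class Naptr:
    order: int
    preference: int
    flags: str
    service: str
    regexp: str
    replacement: str


# Constructed NAPTR data keyed by realm; these are NOT real DNS answers.
SAMPLE_ZONE = {
    "example.edu": [
        Naptr(100, 20, "S", RADIUS_DTLS, "", "_radiusdtls._udp.example.edu."),
        Naptr(100, 10, "S", RADIUS_TLS, "", "_radiustls._tcp.example.edu."),
        # Unrelated service at the same owner name; must be ignored.
        Naptr(50, 10, "S", "sip+d2t", "", "_sip._tcp.example.edu."),
    ],
    "no-naptr.example": [],
}


def realm_from_nai(nai: str) -> str:
    """Realm part of an NAI (RFC 7542): text after the last '@', lowercased."""
    if "@" not in nai:
        raise ValueError("NAI has no realm part")
    realm = nai.rsplit("@", 1)[1].strip().rstrip(".").lower()
    if not realm:
        raise ValueError("empty realm")
    return realm


def select_naptr(records, service):
    """Pick the record to follow: matching service tag, 'S' flag (replacement
    names an SRV RRset), lowest ORDER, then lowest PREFERENCE."""
    candidates = [r for r in records
                  if r.service.lower() == service and r.flags.upper() == "S"]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (r.order, r.preference))


def discover_srv_name(nai, zone=SAMPLE_ZONE, service=RADIUS_TLS):
    """SRV owner name for the realm's RADIUS service, or None if undiscoverable."""
    realm = realm_from_nai(nai)
    rec = select_naptr(zone.get(realm, []), service)
    return rec.replacement.rstrip(".").lower() if rec else None


def nai_realm_matches(cert_realm, realm):
    """Case-insensitive NAIRealm comparison; a leading '*' label matches exactly
    one label (assumed wildcard rule, see lead-in)."""
    cert_labels = cert_realm.lower().rstrip(".").split(".")
    realm_labels = realm.lower().rstrip(".").split(".")
    if cert_labels[0] == "*":
        return (len(cert_labels) == len(realm_labels)
                and cert_labels[1:] == realm_labels[1:])
    return cert_labels == realm_labels


def verify_server_for_realm(nai, cert_nai_realms, zone=SAMPLE_ZONE):
    """Full chain: realm -> NAPTR -> SRV name, then require that the server
    certificate's NAIRealm SANs (constructed list here) cover the realm.
    Returns (ok, srv_name_or_reason)."""
    realm = realm_from_nai(nai)
    srv = discover_srv_name(nai, zone)
    if srv is None:
        return (False, "no RADIUS/TLS NAPTR record for realm " + realm)
    if not any(nai_realm_matches(c, realm) for c in cert_nai_realms):
        return (False, "certificate has no NAIRealm matching " + realm)
    return (True, srv)


if __name__ == "__main__":
    print(verify_server_for_realm("alice@Example.EDU", ["*.example.edu", "example.edu"]))
    print(verify_server_for_realm("alice@example.edu", ["other.example"]))
    print(verify_server_for_realm("bob@no-naptr.example", ["no-naptr.example"]))
```

The ESSID has no equivalent of this chain: nothing in DNS or in a CA-issued certificate ties an SSID string to an organization, whereas the realm in the example is resolved and then matched against a certificate field that the CA checked against the same DNS name.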