[{"author": "Alessandro Amirante", "text": "<p>test</p>", "time": "2022-11-07T15:45:06Z"}, {"author": "Jari Arkko", "text": "<p>Chairs - I am following a BOF in the next room -- when would be a good time for me to come over for the EAP-AKA FS presentation?</p>", "time": "2022-11-07T15:45:59Z"}, {"author": "Peter Yee", "text": "<p>We'll take you when we can get you. Any idea when you might be able to duck out? We're shifting the agenda in real-time. NB, we will not likely be running for the whole two hours.</p>", "time": "2022-11-07T15:50:05Z"}, {"author": "Massimiliano Pala", "text": "<p>I would not conflict EAP with configuration - I think the conversation on EAP should be restricted to the authentication only - for authorization and configuration there might be better protocols... once the authentication is solved/managed.</p>", "time": "2022-11-07T15:51:39Z"}, {"author": "Massimiliano Pala", "text": "<p>Also, the WebPKI might not be the right infrastructure because its policy is mostly concerned with server-side certificates for TLS.</p>", "time": "2022-11-07T15:52:33Z"}, {"author": "Jari Arkko", "text": "<p>Peter: Maybe I come when the next break is between your presentations, when would that be?</p>", "time": "2022-11-07T15:53:57Z"}, {"author": "Massimiliano Pala", "text": "<p>There is an important distinction when you validate a certificate for a specific TLS endpoint and a certificate for a Network - validation practices should be different because the endpoint information (FQDN, etc.) are not relevant in a Point-to-Point authentication.</p>", "time": "2022-11-07T15:54:10Z"}, {"author": "Peter Yee", "text": "<p>Jari: Hard to say. We're having a freewheeling discussion of EAP and certificates. Given the amount of free time we have, we're not holding tightly to schedule.</p>", "time": "2022-11-07T15:55:35Z"}, {"author": "Jari Arkko", "text": "<p>ok I'll be there in a bit and will stick around until you solve all certificate problems :-)</p>", "time": "2022-11-07T15:57:29Z"}, {"author": "Massimiliano Pala", "text": "<p>One  important consideration on the configuration of device certificates is that names/identities should really be avoided. In our experience, any choice of names will inevitably collide, at some point, with identities from a new ecosystem you are bringing into your roaming. The main point being, the identity is the certificate as a whole, not just parts of it (e.g., e field in the subject).</p>", "time": "2022-11-07T16:04:01Z"}, {"author": "Massimiliano Pala", "text": "<p>This is a fantastic topic!</p>", "time": "2022-11-07T16:04:38Z"}, {"author": "Lorenzo Miniero", "text": "<p>Is the session over?</p>", "time": "2022-11-07T17:07:59Z"}]