[{"author": "Alessandro Amirante", "text": "
test
", "time": "2022-11-07T15:45:06Z"}, {"author": "Jari Arkko", "text": "Chairs - I am following a BOF in the next room -- when would be a good time for me to come over for the EAP-AKA FS presentation?
", "time": "2022-11-07T15:45:59Z"}, {"author": "Peter Yee", "text": "We'll take you when we can get you. Any idea when you might be able to duck out? We're shifting the agenda in real-time. NB, we will not likely be running for the whole two hours.
", "time": "2022-11-07T15:50:05Z"}, {"author": "Massimiliano Pala", "text": "I would not conflict EAP with configuration - I think the conversation on EAP should be restricted to the authentication only - for authorization and configuration there might be better protocols... once the authentication is solved/managed.
", "time": "2022-11-07T15:51:39Z"}, {"author": "Massimiliano Pala", "text": "Also, the WebPKI might not be the right infrastructure because its policy is mostly concerned with server-side certificates for TLS.
", "time": "2022-11-07T15:52:33Z"}, {"author": "Jari Arkko", "text": "Peter: Maybe I come when the next break is between your presentations, when would that be?
", "time": "2022-11-07T15:53:57Z"}, {"author": "Massimiliano Pala", "text": "There is an important distinction when you validate a certificate for a specific TLS endpoint and a certificate for a Network - validation practices should be different because the endpoint information (FQDN, etc.) are not relevant in a Point-to-Point authentication.
", "time": "2022-11-07T15:54:10Z"}, {"author": "Peter Yee", "text": "Jari: Hard to say. We're having a freewheeling discussion of EAP and certificates. Given the amount of free time we have, we're not holding tightly to schedule.
", "time": "2022-11-07T15:55:35Z"}, {"author": "Jari Arkko", "text": "ok I'll be there in a bit and will stick around until you solve all certificate problems :-)
", "time": "2022-11-07T15:57:29Z"}, {"author": "Massimiliano Pala", "text": "One important consideration on the configuration of device certificates is that names/identities should really be avoided. In our experience, any choice of names will inevitably collide, at some point, with identities from a new ecosystem you are bringing into your roaming. The main point being, the identity is the certificate as a whole, not just parts of it (e.g., e field in the subject).
", "time": "2022-11-07T16:04:01Z"}, {"author": "Massimiliano Pala", "text": "This is a fantastic topic!
", "time": "2022-11-07T16:04:38Z"}, {"author": "Lorenzo Miniero", "text": "Is the session over?
", "time": "2022-11-07T17:07:59Z"}]