radext-wg / draft-ietf-radext-radiusdtls-bis

apply RFC9525 guidance for validating certificate identities #4

Open fmauchle opened 1 month ago

fmauchle commented 1 month ago

RFC9525 provides guidance on what/how to specify certificate identity validation. This PR applies those rules and references RFC9525 explicitly.

In addition, the NAIrealm identity is generalized as it might be applied outside dynamic discovery.

fmauchle commented 1 month ago

Regarding the 'Selfie attack' discussion on the radext mailing list, this proposal might need an update too, related to omitting the identity check...