Open fmauchle opened 1 month ago
RFC9525 provides guidance on what/how to specify certificate identity validation. This PR applies those rules and references RFC9525 explicitly.
In addition, the NAIrealm identity is generalized as it might be applied outside dynamic discovery.
Regarding the 'Selfie attack' discussion on the radext mailing list, this proposal might need an update too, related to omitting the identity check...