[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Starting the decision on PIC vs. GetCert



>this is a cert request, and CMP and CMC have the data structures for 
>requesting certs.  Does EAP?

No. It's just a multi-round trip authentication "wrapper" (see
RFC 2284 for details). So you can only use EAP for verifying the
identity, but not for the cert request itself. However, since 
EAP doesn't provide a protected negotiation (unlike IKE or 
GSS_API SPNEGO), the EAP conversation should occur over a 
secure channel.