Talking with Rhys, we're looking in to the possibility of getting ja.net
configured with dnssec, so that the TR and APC can have signed DNS
entries.
This raises an additional possibility - using DANE for trust anchor
validation for the TLS tunnel within EAP.
Obviously not something that can be done today - how feasible is it in
future? I only see a mention of EAP-FAST in any DANE-related material...
Adam
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
|