RFC Errata
RFC 5216, "The EAP-TLS Authentication Protocol", March 2008
Note: This RFC has been updated by RFC 8996, RFC 9190
Source of RFC: emu (sec)
Errata ID: 1394
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT
Reported By: Alfred Hoenes
Date Reported: 2008-03-26
Held for Document Update by: Pasi Eronen
Date Held: 2008-12-04
Section 5.3,pg.26 says:
In contrast to the EAP-TLS server, the EAP-TLS peer may not have | Internet connectivity. Therefore, the EAP-TLS server SHOULD provide its entire certificate chain minus the root to facilitate certificate validation by the peer. The EAP-TLS peer SHOULD support validating the server certificate using RFC 3280 [RFC3280] compliant path validation.
It should say:
In contrast to the EAP-TLS server, the EAP-TLS peer may not have | Internet connectivity (at the time of the EAP-TLS exchange). Therefore, the EAP-TLS server SHOULD provide its entire certificate chain minus the root to facilitate certificate validation by the peer. The EAP-TLS peer SHOULD support validating the server certificate using RFC 3280 [RFC3280] compliant path validation.
Notes:
Rationale: Clarification