>>>>> ""Tschofenig," == "Tschofenig, Hannes (NSN <- FI/Espoo)" <[log in to unmask]>> writes:
>>
>> >Are you talking about using EAP-TLS and the client side of the
"Tschofenig,> EAP-TLS
>> >implementation does not verify the certificate?
>>
>> EAP-TTLS and yes, client side not verifying server certificate.
"Tschofenig,> If you don't want to verify the server certificate
"Tschofenig,> then why are you using this particular EAP method?
"Tschofenig,> Use one that does not provide any certificates.
The choice of EAP method is dictated more by deployment concerns. We
certainly think people should verify the server cert. We support that.
But sometimes people don't do that. And particularly for GSS-EAP it
creates a bit of a usability issue because people may well not configure
the right cert on their initial test deployment etc.
--Sam
|