>>>>> "Alan" == Alan DeKok <[email protected]> writes:
Alan> Sam Hartman wrote:
>> * The client wants assurance that it's talking to a consistent
>> server so that you only end up having to authenticate the server
>> at one level.
Alan> I have always been unsure as to why clients don't tie
Alan> credentials to a server certificate. Instead, they are
Alan> usually tied to an SSID. And while clients can verify the
Alan> servers CA, the CA is usually in a global CA store.
Hmm. Android at least seems to let me pick an expected CA for each SSID
separately. I don't have EAP here at home so I've not played with the
security. That presumably means that wpa_supplicant gives you enough
rope under the covers.
I can't help the Windows and mac users:-)
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
