In practice it is difficult to securely support self-signed certificates. There are several issues involved:

a. Vulnerability to man-in-the-middle attack on initial provisioning. For wireless networks, this is a significant risk, more so than with protocols like SSH, where initial contact might occur over a wired network.

b. Potential for affecting other applications. Self-signed certificates, if trusted for a given use, must not be used as trust anchors for other uses. This can require significant additional work to make sure that trust is properly isolated.

For these reasons, I do not believe that EAP methods relying on self-signed certificates satisfy the requirements of RFC 4017.
_______________________________________________
Emu mailing list
Emu at ietf.org
http://www.ietf.org/mailman/listinfo/emu
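The two issues raised in the message above, shown as an added example that is not part of the original post: a pin store that scopes a self-signed certificate to a single (use, peer) pair, and that cannot tell a genuine certificate from a substituted one on first contact unless a fingerprint arrives out of band. The class `ScopedPinStore`, the labels `eap-wifi`, `https` and `corp-ssid`, and the certificate bytes are all hypothetical.

```python
import hashlib
import hmac

# Constructed sample bytes standing in for DER-encoded self-signed certificates.
AP_CERT = b"constructed-sample-DER: wireless authentication server"
ROGUE_CERT = b"constructed-sample-DER: certificate substituted in transit"

class ScopedPinStore:
    """Hypothetical store: a pin is valid for one (use, peer) pair and nothing else."""

    def __init__(self):
        self._pins = {}  # (use, peer) -> SHA-256 hex fingerprint of the certificate

    @staticmethod
    def fingerprint(cert_der):
        return hashlib.sha256(cert_der).hexdigest()

    def enroll(self, use, peer, cert_der, oob_fingerprint=None):
        """Record a pin and report whether the first contact was authenticated."""
        key, fp = (use, peer), self.fingerprint(cert_der)
        if key in self._pins:
            raise ValueError("already enrolled; refusing silent replacement")
        if oob_fingerprint is None:
            # Issue (a): nothing here can tell a genuine certificate from a
            # substituted one, so the caller must treat the pin as unverified.
            self._pins[key] = fp
            return "unauthenticated"
        if not hmac.compare_digest(fp, oob_fingerprint.lower()):
            raise ValueError("certificate does not match out-of-band fingerprint")
        self._pins[key] = fp
        return "verified"

    def is_trusted(self, use, peer, cert_der):
        """Issue (b): lookup is keyed by use, so a pin never acts as a general anchor."""
        pinned = self._pins.get((use, peer))
        return pinned is not None and hmac.compare_digest(pinned, self.fingerprint(cert_der))

def demo():
    genuine, intercepted = ScopedPinStore(), ScopedPinStore()
    return {
        "first_contact": genuine.enroll("eap-wifi", "corp-ssid", AP_CERT),
        # Same outcome when the certificate was swapped during provisioning.
        "rogue_first_contact": intercepted.enroll("eap-wifi", "corp-ssid", ROGUE_CERT),
        "same_use": genuine.is_trusted("eap-wifi", "corp-ssid", AP_CERT),
        "other_use": genuine.is_trusted("https", "corp-ssid", AP_CERT),
        "swapped_cert": genuine.is_trusted("eap-wifi", "corp-ssid", ROGUE_CERT),
    }
```

Only the call that supplies `oob_fingerprint` can return `"verified"`; every other first contact is recorded as unauthenticated, whichever certificate was presented.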