cat-users - Re: [cat-users] Realm connectivity test - unable to verify certificate

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Tomasz Wolniewicz <twoln AT umk.pl>, cat-users AT geant.net
  • Subject: Re: [cat-users] Realm connectivity test - unable to verify certificate
  • Date: Tue, 30 Jun 2015 08:49:05 +0200
  • List-archive: <http://mail.geant.net/pipermail/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hi,

>> If the 802.1X client has no connectivity to get the CRL
>> anyway....thinking windows phone clients here that need CRLDP defined.
>> ..is this worth it? We're not using the Web after all. ..
> First of all the device could have other means of connectivity, like
> GSM. Secondly a test AFTER the connection still makes a lot of sense.
> The current .1x approach makes it completely impossible to revoke a
> server certificate if the key got compromised, and this is REALLY BAD.
> So a test after the connection and marking the cert permanently as bad
> and alerting the user about a possible credentials compromise, would be
> quite useful if implemented correctly.

I guess Alan's point is that since there is *no* supplicant out there
actually performing any checks, is it worth it for us to be that extra
picky and complain anyway?

Of course we can just let it be. I'd find that a bit sad, but if it's
what people want, I can be talked into not coding this and will find
something else to do instead.

?

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature



