In practice it is difficult to securely support self-signed certificates. There are several issues involved:
a. Vulnerability to man-in-the-middle attack on initial provisioning. For wireless networks, this is a significant risk, more so than with protocols like SSH, where initial contact might occur over a wired network.

b. Potential for affecting other applications. Self-signed certificates, if trusted for a given use, must not be used as trust anchors for other uses. This can require significant additional work to make sure that trust is properly isolated.

For these reasons, I do not believe that EAP methods relying on self-signed certificates satisfy the requirements of RFC 4017.
_______________________________________________ Emu mailing list Emu@ietf.org http://www.ietf.org/mailman/listinfo/emu
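The trust-isolation concern in point (b) above is easiest to see in code. The following is an added illustration, not code from the post or from any EAP implementation: a minimal per-use pin store in which a self-signed certificate accepted on first contact for one use (say, an EAP server for a particular network) is never consulted as a trust anchor for a different use. The certificate bytes, the use labels, and the class and function names are all constructed for this example.

```python
import hashlib
from typing import Dict, Optional


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the raw certificate bytes; the pin is tied to the exact cert."""
    return hashlib.sha256(cert_der).hexdigest()


class PerUseTrustStore:
    """Pins are keyed by a 'use' label so trust granted for one context never leaks.

    A use label might be something like "eap:ssid=corp-wifi" or "https:host=intranet";
    the labels here are constructed for illustration.
    """

    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}

    def provision(self, use: str, cert_der: bytes) -> bool:
        """Trust-on-first-use for exactly one use label.

        Returns True if a new pin was recorded. Returns False if the use already has
        a pin: the caller must not silently replace it, because that is precisely the
        point at which a man-in-the-middle on re-provisioning would succeed.
        """
        if use in self._pins:
            return False
        self._pins[use] = fingerprint(cert_der)
        return True

    def is_trusted(self, use: str, cert_der: bytes) -> bool:
        """Accept cert_der only if it matches the pin recorded for this same use."""
        return self._pins.get(use) == fingerprint(cert_der)

    def pinned_fingerprint(self, use: str) -> Optional[str]:
        return self._pins.get(use)


# Constructed stand-ins for DER-encoded certificates (not real certificates).
EAP_SERVER_CERT = b"constructed-self-signed-cert-for-eap-server"
IMPOSTOR_CERT = b"constructed-self-signed-cert-from-someone-else"


def demo() -> dict:
    """Walk through provisioning and the two checks that matter for isolation."""
    store = PerUseTrustStore()
    first = store.provision("eap:ssid=corp-wifi", EAP_SERVER_CERT)
    # A second provisioning attempt for the same use is refused, not overwritten.
    second = store.provision("eap:ssid=corp-wifi", IMPOSTOR_CERT)
    return {
        "first_provision_recorded": first,
        "replacement_refused": not second,
        "trusted_for_eap": store.is_trusted("eap:ssid=corp-wifi", EAP_SERVER_CERT),
        "impostor_rejected": not store.is_trusted("eap:ssid=corp-wifi", IMPOSTOR_CERT),
        # The same cert is NOT a trust anchor for an unrelated use.
        "not_trusted_for_https": not store.is_trusted("https:host=intranet", EAP_SERVER_CERT),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The store deliberately has no "system-wide" lookup: every `is_trusted` call must name the use it is checking for, which is the isolation work the post says self-signed certificates require. Nothing here removes the first-contact exposure in point (a); the pin store only prevents a cert that was accepted once from being reused elsewhere.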