* Anoop C wrote on Wed, Sep 09, 2009 at 18:02 +0530: > Thanks for the quick response. > I totally agree on your point. Our associates often used to try others > certificate .So I want to remove that threat also by incorporating MAC > address also into the certificates apart from the existing set up.
Typically, SSL/TLS security is bound to the secrecy of a private key (secret key), not to the secrecy of a MAC address (which may be easy to disclose by looking to some label or sticker). A stolen certificate cannot be used (in a reasonable cryptosystem, such as SSL/TLS) without having the private (secret) key. Don't know what EAP-TLS is doing, but SSL/TLS usually work on top of TCP and TCP does not know anything MAC. You may even have PPP with TCP but without any MAC addresses. oki, Steffen --[ end of message ]---------------------------------------------->8======= ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
