EAP/TLS authentication in 2050

Stefan Winter stefan.winter at restena.lu
Mon Dec 5 11:31:50 CET 2011


> why?
> really, why? what purpose does testing these dates have - you really think 
> your current infrastructure, and technologies such as 802.1X are going
> to be around in the same format in even 20 years' time?

To be honest, I'm thinking of a similar thing. Given how painful a CA
rollover can be, I'm planning to roll over to a CA with validity
"somewhere beyond Stefan's retirement date", which is unfortunately
later than 2037.

Given that the extra effort to extend the lifetime of a CA is *zero*
(just enter a different date in openssl.cnf) and the pain to eventually
stumble over an expiring CA is non-zero - I prefer to do the zero work.

Of course things might change, my CA keys might get too short, and I
might be forced to roll over anyway - there is at least a *chance* that
I can prevent a need to roll over, and so I'll do it. 3011 is stretching
it though, admitted.


> anyway....I'm guessing these are 32 bit server and client OS ?
> you may find, in that case, that your tests will work until you set the
> date beyond 2037 - 32bit OS have problems with dates after 2038
> so, try this with KNOWN parameters - eg 2020 , within the 2038
> timeframe and things should work.
> alan

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
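
Added example, not part of the original message or of FreeRADIUS: a Python sketch that checks a certificate `notAfter` value against the signed 32-bit `time_t` limit raised in the quoted reply, and reports which ASN.1 time type RFC 5280 requires for that date. The function names and sample dates are constructed for this illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX = 2**31 - 1  # 2038-01-19T03:14:07Z, last second a signed 32-bit time_t holds


def parse_asn1_time(value: str) -> datetime:
    """Parse an X.509 validity time: UTCTime (YYMMDDHHMMSSZ) or
    GeneralizedTime (YYYYMMDDHHMMSSZ), both in UTC."""
    if not value.endswith("Z"):
        raise ValueError("validity times must be UTC with a trailing Z")
    digits = value[:-1]
    if len(digits) == 12:
        # UTCTime: RFC 5280 maps YY 00-49 to 20YY and 50-99 to 19YY
        century = "20" if int(digits[:2]) < 50 else "19"
        digits = century + digits
    elif len(digits) != 14:
        raise ValueError(f"unrecognised time format: {value!r}")
    return datetime.strptime(digits, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def wrap_int32(seconds: int) -> int:
    """Value left in a signed 32-bit time_t after two's-complement truncation."""
    return (seconds + 2**31) % 2**32 - 2**31


def check_not_after(value: str) -> dict:
    """Report how a notAfter date behaves on a platform with 32-bit time_t."""
    when = parse_asn1_time(value)
    epoch = int((when - EPOCH).total_seconds())
    wrapped = wrap_int32(epoch)
    return {
        "not_after": when,
        "epoch": epoch,
        "fits_int32": epoch <= INT32_MAX,
        "wrapped_epoch": wrapped,
        # Date a truncating 32-bit client would compare against
        "seen_by_32bit": EPOCH + timedelta(seconds=wrapped),
        # RFC 5280: UTCTime through 2049, GeneralizedTime from 2050 onwards
        "required_encoding": "UTCTime" if when.year <= 2049 else "GeneralizedTime",
    }


if __name__ == "__main__":
    # Constructed sample dates: inside the limit, the boundary, 2050 and 3011
    for sample in ("200101000000Z", "380119031407Z", "20500101000000Z", "30110101000000Z"):
        r = check_not_after(sample)
        print(sample, r["fits_int32"], r["required_encoding"], r["seen_by_32bit"].isoformat())
```

A date that does not fit wraps to a time in the past on a truncating 32-bit platform, so a CA certificate valid until 2050 can appear to have expired before 1970.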
