EAP/TLS authentication in 2050
stefan.winter at restena.lu
Mon Dec 5 11:31:50 CET 2011
> really, why? wat purpose does testing these dates have - you really think
> your current infrastructure, and techologies such as 802.1X are going
> to be around in the same format in even 20 years time?
To be honest, I'm thinking of a similar thing. Given how painful a CA
rollover can be, I'm planning to rollover to a CA with validity
"somewhere beyond Stefan's retirement date", which is unfortunately
later than 2037.
Given that the extra effort to extend the lifetime of a CA is *zero*
(just enter a different date in openssl.cnf) and the pain to eventually
stumble over an expiring CA is non-zero - I prefer to do the zero work.
Of course things might change, my CA keys might get too short, and I
might be forced to roll over anyway - there is at least a *chance* that
I can prevent a need to rollover, and so I'll do it. 3011 is stretching
it though, admitted.
> anyway....I'm guessing these are 32 bit server and client OS ?
> you may find, in that case, that your tests will work until you set the
> date beyond 2037 - 32bit OS have problems with dates after 2038
> so, try this with KNOWN parameters - eg 2020 , within the 2038
> timeframe and things should work.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the Freeradius-Users