Walter Reynolds <waltr@umich.edu> wrote:
I knwo this. But what prevents a user from just giving this password to another.
Nothing. At some point, you have to admit that the only way you "know" it's a particular user is because of the password. Certs won't solve this problem, and neither will passwords. It sounds like you don't need EAP-TTLS or anything else. Instead, you need to use one-time password cards (e.g. RSA or Cryptocard). Then people can't give the password away to someone else.
Maybe i need clarification. With TLS, the user machine is checked based on its requirement for a cert. The server is checked by its cert as well. Does the server cert have to be signed by the same server that signed the supplicants cert?
Yes. Or, the supplicant cert has to be signed by the server cert.
And what if a public service (Verisign, Entrust.....) was used. If a supplicant tried to connect it would have the root ca in its keystore so no warning would be there.
Yes. There are limitations to existing technology.
And what about using the built in Mac supplicant. I see no way to input the servers cert anyway.
You could input it as a new "root" certificate.
What am I missing?
You're trying to solve a problem with technology that can't solve the problem. For most what you're worried about, use one-time token cards, client certificates signed by the server cert, and a self-signed server cert. It won't address all of your concerns, but then again, no existing technology will. Alan DeKok.