final question about client certs using eap-tls (was: cert bootstrap bug?)

[Sergio]

Hi,

also was so many others. At this time i have got one eap module which 
authenticates users under a PKI. My client certs are issued by root ca 
(ca.pem) and everything works. I can manage the crl, because it is 
public, and authenticate any user against any server. So my question is, 
what's the final goal of signing certificates with server's? The only 
difference (i think) is about the crl managing, because in my case, the 
authority should provide the crl to the server administrators. I don't 
see any more difference.

Thanks