cert bootstrap bug? (was Re: definitely, I have a problem witheap-tls)

Sergio sergioyebenes at alumnos.upm.es
Fri Aug 22 15:51:57 CEST 2008

Ivan Kalik escribió:
>> However, there may be multiple servers, each with its own cert. Why
>> should a client cert be signed by one server when it may be used with
>> other servers?
> (radius) Server certificate doesn't have to be unique. You can copy the
> same certificate to all the radius servers that will be accepting
> clients issued by that certificate.
> Ivan Kalik
> Kalik Informatika ISP
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I was thinking, in this pki A trust in B only if A certified B. There 
maybe better solutions, responding to real life, like A trust in B only 
if B give credentials accepted by A. By this way, the general 
certification architecture is more dynamic. Server administrator only 
are worried about serverside pki but, he must have crl's from clientside 
pki, and can accept whatever he wants.
It's only an opinion, i think freeradius is a great job :) for example 
with its modular behavior and configuration possibilities.

More information about the Freeradius-Users mailing list