purpose of xp extensions

Adam Bishop Adam.Bishop at jisc.ac.uk
Thu Jun 28 18:10:30 CEST 2018


On 28 Jun 2018, at 16:48, d tbsky <tbskyd at gmail.com> wrote:
> 1. Do the "xp" extensions mean Windows XP or something?

They were introduced with Windows XP.

> 2. Are the xp extensions only useful if we want the client to verify the server certificate?

No, the Windows supplicant will flat out not work without the OIDs being present.

> 3. If we use a certificate like Let's Encrypt without xp extensions,
> what function do we miss? I know it is not very secure to use a public
> CA, but it seems easier when dealing with mobile devices brought by users.
> They just want to access wifi with their Active Directory
> username/password.

Don't do this - it's insecure if you allow users to use TOFU with a public CA, and has no advantage over a private CA from a UX perspective. Users will still be prompted to accept the certificate manually even if you obtain it from a public CA.

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk
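
Added example, not part of the original post and not FreeRADIUS project code: a check for the OID discussed above, assuming it is the serverAuth extended key usage (1.3.6.1.5.5.7.3.1) that the xpserver_ext section of FreeRADIUS's sample xpextensions file sets. The function names, the no_eku_ext section and the radius.example.test name are constructed for illustration.

```shell
#!/bin/sh
# Constructed example: does a RADIUS server certificate carry the
# serverAuth EKU (1.3.6.1.5.5.7.3.1)? Assumes openssl is on PATH.

# has_server_auth_eku CERT.pem -> exit 0 if the EKU is present, 1 otherwise.
# openssl prints this OID under its long name in the -text output.
has_server_auth_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'TLS Web Server Authentication'
}

# make_demo_cert OUTDIR NAME EXT_SECTION
# Writes a throwaway self-signed certificate using one extension section of
# the inline config below (sample data only, not a production CA setup).
make_demo_cert() {
    cat > "$1/$2.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = radius.example.test
[xpserver_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
[no_eku_ext]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$1/$2.cnf" -extensions "$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Demo: one certificate with the EKU, one without, then report on each.
demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_cert "$tmp" with_eku xpserver_ext
    make_demo_cert "$tmp" without_eku no_eku_ext
    for c in with_eku without_eku; do
        if has_server_auth_eku "$tmp/$c.pem"; then
            echo "$c: serverAuth EKU present"
        else
            echo "$c: serverAuth EKU missing"
        fi
    done
    rm -rf "$tmp"
}

demo
```

Run has_server_auth_eku against the certificate the RADIUS server actually presents before rolling it out to Windows clients.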

More information about the Freeradius-Users mailing list