Hi Abhijit,

In section 5.3 it is assumed that the trust roots required for validation are configured in the client. If the client is also performing revocation, section 5.4 provides two possible mechanisms; one is to check for revocation lists after access has been granted and the other is to use the OCSP extensions to TLS to obtain an OCSP response from the server prior to completing the key exchange. The OCSP method does not require the client to have a direct connection to an OCSP server.

Joe

> -----Original Message-----
> From: Abhijit Rao [mailto:[EMAIL PROTECTED]
> Sent: Sunday, June 24, 2007 12:39 AM
> To: [email protected]
> Subject: [Emu] Server Authentication in EAP-TLS/802.11i
>
> Hello,
>
> If EAP-TLS is in effect, how is the 802.11i client expected
> to authenticate the Server certificate when the client does
> not have access to "internet".
> I thought one way is for the client to assume that it is a
> "safe" TLS - Server and finish the key generation ... and
> once the "internet" access is available then validate the
> server certificate. Is this the recommended way?
> Also this does not work if it is a closed network - please help.
> Your insight into this matter is appreciated sincerely. I
> read the most recent draft regarding EAP-TLS I did not see
> any recommendation being made.
> Am I missing something here?
> Regards
> Abhi
>
> _______________________________________________
> Emu mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/emu
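
The two points in the reply above (trust roots configured on the client, and an OCSP response obtained from the server inside the TLS handshake) map onto a supplicant configuration like the following. This is an added example, not part of the original thread or the draft: it assumes wpa_supplicant as the 802.11i client, and the SSID, identity, file paths and server name are placeholders.

```conf
# wpa_supplicant.conf network block (added example; all names and paths are placeholders)
network={
    ssid="example-wlan"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="user@example.com"

    # Client credential presented to the EAP server.
    client_cert="/etc/wpa_supplicant/client.pem"
    private_key="/etc/wpa_supplicant/client.key"

    # Trust root provisioned on the client ahead of time, so the server
    # certificate can be validated with no network access.
    # If ca_cert (and ca_path) are left out, wpa_supplicant does not
    # verify the server certificate at all.
    ca_cert="/etc/wpa_supplicant/ca.pem"

    # Accept only a server certificate issued for the expected name,
    # not any certificate that chains to the configured CA.
    domain_suffix_match="radius.example.com"

    # OCSP stapling in the TLS handshake:
    #   0 = do not use OCSP stapling
    #   1 = try to use it, but do not require a response
    #   2 = require a valid stapled OCSP response
    # With 2, revocation is checked before the key exchange completes,
    # and the client never has to reach an OCSP server itself.
    ocsp=2
}
```

With `ocsp=2` the EAP server must be configured to staple a current OCSP response, otherwise authentication fails on the client side.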
