> > > >Either TLS or IPSEC for RADIUS will thwart pervasive monitoring. Only if correctly implemented. The Wi-Fi industry has a pervasive problem where the TLS certificates for the authentication servers are not validated by all devices. We are putting in certificating testing to encourage correct implementations, but it will take time to see a significant change in products being sold.
The lack of certificate validation compounds the vulnerability of MSCHAPv2 which has been commonly used for ³enterprise" grade Wi-Fi deployments. Some new solutions for this problem area will be available soon Š will post when they are announced. Paul > >-- Christian Huitema > > > > >_______________________________________________ >perpass mailing list >perpass@ietf.org >https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass