As far as using certificates --- sure, it's possible to set up EAP-TLS
using client certificates. It can be done on Mac, Windows, and Linux.
But the setup of that across multiple operating systems and getting
users to correctly set up their certificates, sending a CA signing
request securely to a central system, configuring their client WiFi
system to deal with EAP-TLS, etc., is a usability nightmare.
That is sadly true. However, it would still be a good idea to do at
the IETF gathering, *because* it is currently a usability nightmare.
There is not enough both real world experience, and exposure of IETF
participant attendees to actual "tip of the spear" usability of
interesting use cases like this.
If lots of smart and networking aware people all get the chance to do
this kind of "interop and usability" "testing" all at once, then a lot
of useful knowledge, tips, howtos, bug discovery, and application
feedback will happen, which I believe can only be a good thing towards
fixing the usability bottleneck that client certs are today.
..m
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf