WPA enterprise and default parameters on Linux

[Alessandro Sivieri]

Hi all,

I have found this mailing list on the WPA Supplicant application Web page,
and I'm writing here to solve a doubt: I use for work a wireless connection,
which is configured to use WPA Enterprise (with WPA-EAP); to use it, I have
downloaded the certificate from my provider's Web page, associated to my ID,
and everything is working fine.
I have a doubt about the authentication phase: when I connect to the
network, the provider checks if my key (that is associated to the
certificate that I have downloaded, I suppose) corresponds to the identity
ID that I provide, but does the client (so my computer in this case) check
if the authenticator certificate is correct? I mean, is it possible for
someone to provide a fake access point, configured to accept any user that
tries to connect to it?

I have asked to some people, but everyone seems to have a different opinion
on this: some say that the client must be configured to check if the access
point is a "real" one, thus checking the public provider certificate, while
others say that it is an authenticator option, independent on what the
client does; I thought that you may know better than others the protocol
implementations.
Thank you for your help.

Cheers,
Alessandro

-- 
Sivieri Alessandro
alessandro.sivieri at gmail.com
http://www.chimera-bellerofonte.eu/
http://www.poul.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20091118/6f19d660/attachment.htm