Hi all,<div><br></div><div>I have found this mailing list on the WPA Supplicant application Web page, and I'm writing here to solve a doubt: I use for work a wireless connection, which is configured to use WPA Enterprise (with WPA-EAP); to use it, I have downloaded the certificate from my provider's Web page, associated to my ID, and everything is working fine.</div>
<div>I have a doubt about the authentication phase: when I connect to the network, the provider checks if my key (that is associated to the certificate that I have downloaded, I suppose) corresponds to the identity ID that I provide, but does the client (so my computer in this case) check if the authenticator certificate is correct? I mean, is it possible for someone to provide a fake access point, configured to accept any user that tries to connect to it?</div>
<div><br></div><div>I have asked to some people, but everyone seems to have a different opinion on this: some say that the client must be configured to check if the access point is a "real" one, thus checking the public provider certificate, while others say that it is an authenticator option, independent on what the client does; I thought that you may know better than others the protocol implementations.</div>
<div>Thank you for your help.</div><div><br></div><div>Cheers,</div><div>Alessandro</div><div><br>-- <br>Sivieri Alessandro<br><a href="mailto:alessandro.sivieri@gmail.com">alessandro.sivieri@gmail.com</a><br><a href="http://www.chimera-bellerofonte.eu/">http://www.chimera-bellerofonte.eu/</a><br>
<a href="http://www.poul.org/">http://www.poul.org/</a><br>
</div>