> As far as using certificates --- sure, it's possible to set up EAP-TLS > using client certificates. It can be done on Mac, Windows, and Linux. > But the setup of that across multiple operating systems and getting > users to correctly set up their certificates, sending a CA signing > request securely to a central system, configuring their client WiFi > system to deal with EAP-TLS, etc., is a usability nightmare. That is sadly true. However, it would still be a good idea to do at the IETF gathering, *because* it is currently a usability nightmare. There is not enough both real world experience, and exposure of IETF participant attendees to actual "tip of the spear" usability of interesting use cases like this. If lots of smart and networking aware people all get the chance to do this kind of "interop and usability" "testing" all at once, then a lot of useful knowledge, tips, howtos, bug discovery, and application feedback will happen, which I believe can only be a good thing towards fixing the usability bottleneck that client certs are today. ..m _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf