More On User Installable Certificates for Wifi (And WiMAX)

Some days ago I have speculated how a WiMAX world might look like without SIM cards. It’s likely that certificates are going to be used to authenticate terminals and users to the network (and vice versa). The big open question is whether these certificates are pre-installed and can not be changed, i.e. the device is locked to the network, or if they can be installed by the user. This would have the advantage that a device can be used in any network that allows user installable certificates.

Wireless LAN already uses user installable certificates in WPA-enterprise mode and larger organizations are already making use of this. Here’s an example from a university that uses PEAP. To my surprise, my Nokia N93 phone already seems to support a large number of different EAP authentication methods today, see the picture on the left.

What’s worrying me a bit is the many different types of EAP methods. That’s going to create the heck of an issue for non-tech end users. Also, how do you keep a (software) certificate save? With a SIM card that’s much easier since it is a piece of hardware.