Comment Re:EAP? (Score 1) 150
I believe the problem is that the interface for this and the way warnings are handled are just horrible and inconsistent between clients.
For example, Android requires you to set a passcode in order to store the public certificate. That's right, you need to lock your device so nobody can get access to that PUBLIC key. Duh. Clearly you should have a passcode for a private key, but not a public one. I'm not sure if this has been straightened out or not. Also, it's often not clear if you can say the equivalent of "trust the current certificate, and warn me if the network tries to give a different one". It typically asks you to manually load the certificate that the server can easily send to the client.
This doesn't even mention that generally the cert will be signed in a way that it can be verified through the same trust chain the web browser uses. While this isn't optimal, it's pretty decent in practice and could easily be implemented as an option.