Landis Vinchattle

https://supportforums.cisco.com/blog/9913621/using-open-source-dogtag-certificate-authority-ise-byod I tinkered with this at work, but found it lacking from a production standpoint.  This may be due in part to working outside my typical Debian-based comfort zone.  Will probably look at it again at home and see if it shows more promise with experience.

https://www.rfc-editor.org/rfc/rfc4334.txt Surprisingly short read, with incredibly little – effectively “no” – information on anyone actually implementing it.  Unsure at this point if anyone actually has, if it’s something that’s just done within larger proprietary systems, or whether it’s not done at all because clients don’t take advantage of it.  Virtually every reference I could find […]

http://assesspki.googlecode.com/svn-history/r12/trunk/paper/assessing-enterprise-pki-deployments.docx Good document with information on elements that should be present, and recommended values, for several common X.509 certificate use cases/types.

http://www.privacywonk.net/2010/10/security-how-to-wpa2-enterprise-on-your-home-network.php Nice write-up.  Very straightforward and easy to follow.  I was searching for info on extendedKeyUsage with automatic SSID/certificate matching (per RFC4334), so this wasn’t quite it, but was noteworthy.

http://www.zytrax.com/tech/survival/ssl.html Helpful info.  Looks to be some other good reading on the site as well.

https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt Seems to get into some good depth, breaks up the material by interspersing relevant quotes.  Helps an otherwise dry topic.