mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 13:02:44 +01:00

TODO: Mark certificate domain matching as done

Denis Kenzior 2019-09-17 16:04:45 -05:00
parent 2bbd61cd1c
commit 0d900cf250

14
TODO

@ -295,20 +295,6 @@ Wireless daemon
Priority: Low
Complexity: C8
- Implement EAP Authenticator certificate element matching
With TLS based EAP methods it is possible for certain Man-In-The-Middle
attacks to be performed by having a trusted CA issue a certificate for an
unrelated domain and then have an adversary utilize that certificate to spoof
trusted Access Points for a certain SSID. To prevent this it is possible
for clients to further limit what certificates they accept by utilizing
dNSName sub-element of SubjectAltName in the X.509 certificate (or
alternatively the SubjectName CN) of the Authenticator. This matching can
be done by suffix, an exact match, or perhaps even glob matching.
Priority: Medium
Complexity: C8
- Support receiving OCE FILS Discovery Frames
When operating in station mode, we should support receiving of FILS
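Review bot: The removed "Implement EAP Authenticator certificate element matching" entry left several choices open (dNSName in SubjectAltName versus the SubjectName CN as an alternative, and suffix, exact or glob matching), and neither this hunk nor the commit message says which of them the finished work covers. Suggest naming the implementing commit(s) and the supported match modes in the commit message, so that a reader auditing the man-in-the-middle mitigation described in the entry can tell what is actually enforced and whether the CN alternative is still accepted.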