mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-22 06:29:23 +01:00
TODO: Mark certificate domain matching as done
This commit is contained in:
Denis Kenzior
parent
2bbd61cd1c
commit
0d900cf250
14
TODO
14
TODO
@ -295,20 +295,6 @@ Wireless daemon
|
||||
Priority: Low
|
||||
Complexity: C8
|
||||
|
||||
- Implement EAP Authenticator certificate element matching
|
||||
|
||||
With TLS based EAP methods it is possible for certain Man-In-The-Middle
|
||||
attacks to be performed by having a trusted CA issue a certificate for an
|
||||
unrelated domain and then have an adversary utilize that certificate to spoof
|
||||
trusted Access Points for a certain SSID. To prevent this it is possible
|
||||
for clients to further limit what certificates they accept by utilizing
|
||||
dNSName sub-element of SubjectAltName in the X.509 certificate (or
|
||||
alternatively the SubjectName CN) of the Authenticator. This matching can
|
||||
be done by suffix, an exact match, or perhaps even glob matching.
|
||||
|
||||
Priority: Medium
|
||||
Complexity: C8
|
||||
|
||||
- Support receiving OCE FILS Discovery Frames
|
||||
|
||||
When operating in station mode, we should support receiving of FILS
|
||||
|
||||
Loading…
Reference in New Issue
Block a user