From 0d900cf2507e4468d847b65e8f760fb7a0d99dd2 Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Tue, 17 Sep 2019 16:04:45 -0500
Subject: [PATCH] TODO: Mark certificate domain matching as done

---
 TODO | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/TODO b/TODO
index 555da715..95bb6e0f 100644
--- a/TODO
+++ b/TODO
@@ -295,20 +295,6 @@ Wireless daemon
   Priority: Low
   Complexity: C8
 
-- Implement EAP Authenticator certificate element matching
-
-  With TLS based EAP methods it is possible for certain Man-In-The-Middle
-  attacks to be performed by having a trusted CA issue a certificate for an
-  unrelated domain and then have an adversary utilize that certificate to spoof
-  trusted Access Points for a certain SSID.  To prevent this it is possible
-  for clients to further limit what certificates they accept by utilizing
-  dNSName sub-element of SubjectAltName in the X.509 certificate (or
-  alternatively the SubjectName CN) of the Authenticator.  This matching can
-  be done by suffix, an exact match, or perhaps even glob matching.
-
-  Priority: Medium
-  Complexity: C8
-
 - Support receiving OCE FILS Discovery Frames
 
   When operating in station mode, we should support receiving of FILS