Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-02-16 15:20:42 +01:00
Code Releases Activity

TODO: Mark certificate domain matching as done

Browse Source
This commit is contained in:
Denis Kenzior 2019-09-17 16:04:45 -05:00
parent 2bbd61cd1c
commit 0d900cf250
1 changed files with 0 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
TODO
View File

@ -295,20 +295,6 @@ Wireless daemon
Priority: Low Priority: Low
Complexity: C8 Complexity: C8
- Implement EAP Authenticator certificate element matching
With TLS based EAP methods it is possible for certain Man-In-The-Middle
attacks to be performed by having a trusted CA issue a certificate for an
unrelated domain and then have an adversary utilize that certificate to spoof
trusted Access Points for a certain SSID. To prevent this it is possible
for clients to further limit what certificates they accept by utilizing
dNSName sub-element of SubjectAltName in the X.509 certificate (or
alternatively the SubjectName CN) of the Authenticator. This matching can
be done by suffix, an exact match, or perhaps even glob matching.
Priority: Medium
Complexity: C8
- Support receiving OCE FILS Discovery Frames - Support receiving OCE FILS Discovery Frames
When operating in station mode, we should support receiving of FILS When operating in station mode, we should support receiving of FILS