3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-28 21:19:24 +01:00

TODO: Add certificate element matching task

This commit is contained in:
Denis Kenzior 2018-08-30 14:39:00 -05:00
parent 35231a1b2c
commit 451ae3ba84

14
TODO
View File

@ -354,3 +354,17 @@ Wireless daemon
Priority: Medium Priority: Medium
Complexity: C2 Complexity: C2
- Implement EAP Authenticator certificate element matching
With TLS based EAP methods it is possible for certain Man-In-The-Middle
attacks to be performed by having a trusted CA issue a certificate for an
unrelated domain and then have an adversary utilize that certificate to spoof
trusted Access Points for a certain SSID. To prevent this it is possible
for clients to further limit what certificates they accept by utilizing
dNSName sub-element of SubjectAltName in the X.509 certificate (or
alternatively the SubjectName CN) of the Authenticator. This matching can
be done by suffix, an exact match, or perhaps even glob matching.
Priority: Medium
Complexity: C8