mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-11-28 21:19:24 +01:00
TODO: Add certificate element matching task
This commit is contained in:
parent
35231a1b2c
commit
451ae3ba84
14
TODO
14
TODO
@ -354,3 +354,17 @@ Wireless daemon
|
|||||||
|
|
||||||
Priority: Medium
|
Priority: Medium
|
||||||
Complexity: C2
|
Complexity: C2
|
||||||
|
|
||||||
|
- Implement EAP Authenticator certificate element matching
|
||||||
|
|
||||||
|
With TLS based EAP methods it is possible for certain Man-In-The-Middle
|
||||||
|
attacks to be performed by having a trusted CA issue a certificate for an
|
||||||
|
unrelated domain and then have an adversary utilize that certificate to spoof
|
||||||
|
trusted Access Points for a certain SSID. To prevent this it is possible
|
||||||
|
for clients to further limit what certificates they accept by utilizing
|
||||||
|
dNSName sub-element of SubjectAltName in the X.509 certificate (or
|
||||||
|
alternatively the SubjectName CN) of the Authenticator. This matching can
|
||||||
|
be done by suffix, an exact match, or perhaps even glob matching.
|
||||||
|
|
||||||
|
Priority: Medium
|
||||||
|
Complexity: C8
|
||||||
|
Loading…
Reference in New Issue
Block a user