cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Tomasz Wolniewicz <twoln AT umk.pl>
- To: cat-users AT geant.net
- Subject: Re: [cat-users] Realm connectivity test - unable to verify certificate
- Date: Tue, 30 Jun 2015 08:38:06 +0200
- List-archive: <http://mail.geant.net/pipermail/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
W dniu 2015-06-30 o 08:30, Alan Buxey pisze:
> If the 802.1X client has no connectivity to get the CRL
> anyway....thinking windows phone clients here that need CRLDP defined.
> ..is this worth it? We're not using the Web after all. ..
First of all the device could have other means of connectivity, like
GSM. Secondly a test AFTER the connection still makes a lot of sense.
The current .1x approach makes it completely impossible to revoke a
server certificate if the key got compromised, and this is REALLY BAD.
So a test after the connection and marking the cert permanently ad bad
and alerting the user about a possible credentials compromise, would be
quite useful if implemented correctly.
Tomasz
--
Tomasz Wolniewicz
twoln AT umk.pl
http://www.home.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
- [cat-users] Realm connectivity test - unable to verify certificate, Deyan Stoykov, 06/25/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Stefan Winter, 06/25/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Deyan Stoykov, 06/26/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Stefan Winter, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Alan Buxey, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Tomasz Wolniewicz, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Stefan Winter, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Alan Buxey, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Stefan Winter, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Tomasz Wolniewicz, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Deyan Stoykov, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, A . L . M . Buxey, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Alan Buxey, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Stefan Winter, 06/30/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Deyan Stoykov, 06/26/2015
- Re: [cat-users] Realm connectivity test - unable to verify certificate, Stefan Winter, 06/25/2015
Archive powered by MHonArc 2.6.19.