Skip to Content.
Sympa Menu

cat-users - Re: [cat-users] Realm connectivity test - unable to verify certificate

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [cat-users] Realm connectivity test - unable to verify certificate


Chronological Thread 
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Tomasz Wolniewicz <twoln AT umk.pl>, cat-users AT geant.net
  • Subject: Re: [cat-users] Realm connectivity test - unable to verify certificate
  • Date: Tue, 30 Jun 2015 08:49:05 +0200
  • List-archive: <http://mail.geant.net/pipermail/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hi,

>> If the 802.1X client has no connectivity to get the CRL
>> anyway....thinking windows phone clients here that need CRLDP defined.
>> ..is this worth it? We're not using the Web after all. ..
> First of all the device could have other means of connectivity, like
> GSM. Secondly a test AFTER the connection still makes a lot of sense.
> The current .1x approach makes it completely impossible to revoke a
> server certificate if the key got compromised, and this is REALLY BAD.
> So a test after the connection and marking the cert permanently ad bad
> and alerting the user about a possible credentials compromise, would be
> quite useful if implemented correctly.

I guess Alan's point is that since there is *no* supplicant out there
actually performing any checks, is it worth for us to be that extra
picky and complain anyway?

Of course we can just let it be. I'd find that a bit sad, but if it's
what people want, I can be talked into not coding this and will find
somethin else to do instead.

?

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page