Skip to Content.

cat-users - Re: [[cat-users]] eduroamCAT App sources available

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] eduroamCAT App sources available


Chronological Thread 
    < Chronological >      < Thread >
  • From: Ralf Jung <jung AT mpi-sws.org>
  • To: Stefan Winter <stefan.winter AT restena.lu>, A.L.M.Buxey AT lboro.ac.uk
  • Cc: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] eduroamCAT App sources available
  • Date: Mon, 8 Feb 2016 13:08:27 +0100
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT mpi-sws.org
Hi,

> Only the *CA* certificate is pinned. If that is a commercial CA with
> millions of valid certificates out there, it is (potentially) not very
> difficult to get a valid cert from that CA.
>
> That other cert will have a name showing that it's unrelated; but since
> the name is not displayed nor checked, users will fall for it without
> having a chance of noticing.
>
> Only specifying the expected name *together with* the CA which issues a
> cert on that name has the full security effect.

I see, thanks.
In my case, the CA is an institute-internal one, so this should not apply.

Kind regards,
Ralf

Archive powered by MHonArc 2.6.19.

Top of Page