cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] The new signature on mobileconfig files

From: Tomasz Wolniewicz <twoln AT umk.pl>
To: Patrik Holmqvist <patrik.holmqvist AT su.se>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
Subject: Re: [[cat-users]] The new signature on mobileconfig files
Date: Tue, 23 Feb 2016 10:55:28 +0100

Frankly, I am not sure. I have a feeling that old, already installed
profiles may suddenly become "untrusted" the moment that the old signing
cert expires. Not sure how the devices will behave if and when this happens.

in EAPlab we did think of preparing personal certificates expiring in 24
hours to be able to test how supplicants for EAP-TLS will behave, but we
have not thought of doing a similar thing for mobileconfig files.

For Windows you can use timestamping which keeps the exe valid even
after the signing cert expires (if you do not use timestamping then the
exe will start rising alerts). For mobilecofig files I did not find the
option to use timestamping in a similar way.

Tomasz

W dniu 2016-02-23 o 10:38, Patrik Holmqvist pisze:
> Hi Tomasz
>
> Just to be clear, this will not impact any already installed profiles on
> devices with the "old" file?
> Just people that have the old file stored on their device and try to
> "install" it after the 26th of February?
>
> --
> Regards Patrik Holmqvist
> Stockholm university
>
> -----Original Message-----
> From: Tomasz Wolniewicz
> [mailto:twoln AT umk.pl]
>
> Sent: den 22 februari 2016 15:14
> To:
> cat-users AT lists.geant.org
> Subject: [[cat-users]] The new signature on mobileconfig files
>
> Hi,
> we have just turned on the new signing module on CAT mobileconfig files.
> It uses the same hardware-token based certificate as the Windows installers.
> All cached mobileconfig files have been deleted, the new ones are being
> crated as users are accessing them.
>
> If people are redistributing files previously downloaded from CAT, then
> please download new copies. The old signing certificate is going to expire
> on the 26th of February and the old profiles will become "untrusted".
>
> On the CAT starting page there is now updated information about the profile
> signer. TERENA has been replaced with GÉANT.
>
> Yours
> Tomasz
>

--
Tomasz Wolniewicz

twoln AT umk.pl
http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576

[[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/22/2016
- RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
  - Re: [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/23/2016
    - RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
      - Re: [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/23/2016
        
        RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
        
        Re: [[cat-users]] The new signature on mobileconfig files, Hans Berggren, 02/23/2016
        
        RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
        RE: [[cat-users]] The new signature on mobileconfig files, Alan Buxey, 02/23/2016
        Re: [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/23/2016
        Re: [[cat-users]] The new signature on mobileconfig files, A . L . M . Buxey, 02/23/2016
        Re: [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/23/2016