cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Patrik Holmqvist <patrik.holmqvist AT su.se>
- To: Tomasz Wolniewicz <twoln AT umk.pl>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
- Subject: RE: [[cat-users]] The new signature on mobileconfig files
- Date: Tue, 23 Feb 2016 13:42:47 +0000
- Accept-language: sv-SE, en-US
That is really unfortunate! We have done some tests here now on both OS X and
iOS based devices that indicates that every device configured with the
mobile.config files before today will stop working 10 days (2016-03-07) after
the signing certificate expires (2016-02-26).
Our test method is based on setting the date to a date in the future and see
when it brakes, and it seems like 10 days after expiration is the magic
number (maybe this is some kind of grace-period?)
This will have a major impact on our eduroam user base and I am guessing that
we are not the only ones here that will suffer from this.
Regards
Patrik
-----Original Message-----
From: Tomasz Wolniewicz
[mailto:twoln AT umk.pl]
Sent: den 23 februari 2016 10:55
To: Patrik Holmqvist
<patrik.holmqvist AT su.se>;
cat-users AT lists.geant.org
Subject: Re: [[cat-users]] The new signature on mobileconfig files
Frankly, I am not sure. I have a feeling that old, already installed profiles
may suddenly become "untrusted" the moment that the old signing cert expires.
Not sure how the devices will behave if and when this happens.
in EAPlab we did think of preparing personal certificates expiring in 24
hours to be able to test how supplicants for EAP-TLS will behave, but we have
not thought of doing a similar thing for mobileconfig files.
For Windows you can use timestamping which keeps the exe valid even after the
signing cert expires (if you do not use timestamping then the exe will start
rising alerts). For mobilecofig files I did not find the option to use
timestamping in a similar way.
Tomasz
W dniu 2016-02-23 o 10:38, Patrik Holmqvist pisze:
> Hi Tomasz
>
> Just to be clear, this will not impact any already installed profiles on
> devices with the "old" file?
> Just people that have the old file stored on their device and try to
> "install" it after the 26th of February?
>
> --
> Regards Patrik Holmqvist
> Stockholm university
>
> -----Original Message-----
> From: Tomasz Wolniewicz
> [mailto:twoln AT umk.pl]
> Sent: den 22 februari 2016 15:14
> To:
> cat-users AT lists.geant.org
> Subject: [[cat-users]] The new signature on mobileconfig files
>
> Hi,
> we have just turned on the new signing module on CAT mobileconfig files.
> It uses the same hardware-token based certificate as the Windows installers.
> All cached mobileconfig files have been deleted, the new ones are being
> crated as users are accessing them.
>
> If people are redistributing files previously downloaded from CAT, then
> please download new copies. The old signing certificate is going to expire
> on the 26th of February and the old profiles will become "untrusted".
>
> On the CAT starting page there is now updated information about the profile
> signer. TERENA has been replaced with GÉANT.
>
> Yours
> Tomasz
>
--
Tomasz Wolniewicz
twoln AT umk.pl
http://www.home.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
- [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/22/2016
- RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
- Re: [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/23/2016
- RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
- Re: [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/23/2016
- RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
- Re: [[cat-users]] The new signature on mobileconfig files, Hans Berggren, 02/23/2016
- RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
- RE: [[cat-users]] The new signature on mobileconfig files, Alan Buxey, 02/23/2016
- Re: [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/23/2016
- Re: [[cat-users]] The new signature on mobileconfig files, A . L . M . Buxey, 02/23/2016
- Re: [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/23/2016
- Re: [[cat-users]] The new signature on mobileconfig files, Hans Berggren, 02/23/2016
- RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
- Re: [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/23/2016
- RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
- Re: [[cat-users]] The new signature on mobileconfig files, Tomasz Wolniewicz, 02/23/2016
- RE: [[cat-users]] The new signature on mobileconfig files, Patrik Holmqvist, 02/23/2016
Archive powered by MHonArc 2.6.19.