Educause Security Discussion mailing list archives
Re: Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection
From: Rich Graves <rcgraves () BRANDEIS EDU>
Date: Wed, 18 Oct 2017 13:12:29 -0500
No, you need a profile, period. Or a leap of faith by the client – I kinda like the way that Windows 10 presents that choice to the user. “Do you expect to find this network in this location?”

For HTTPS, security depends on consistency between the name the user types (or at least sees) in the address bar, and the name on the SSL certificate (which must be signed by a trusted third party). For WiFi, there is no address bar and no fully qualified domain name that can be traced to a physical entity. There is absolutely no technically provable relationship between the SSID (name of the wireless network) and the authentication server behind it. Therefore, we must hard-code the triplet of SSID, authentication server, and certificate authority into the client wireless configuration.

See: https://docs.google.com/presentation/d/1M3ETLK1VkYfUlJyTmkoLH5Ex-1CSE1y-stDVITDvQJA/edit#slide=id.g63659399_1_96

There is very little reason to go with a public CA rather than a long-lived private CA for 802.1X. I used to say “no reason” but manual configuration can be ever so slightly easier on Android.
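The pinned triplet described in the message above, as an added example that is not part of the original post: a Python check that an Apple configuration profile's 802.1X Wi-Fi payload sets the SSID, a trusted authentication server name, and a CA anchor that resolves to a certificate payload in the same profile. The profile contents, SSID, server name and UUID are constructed placeholders, and `build_profile` and `audit_wifi_profile` are hypothetical helper names.

```python
import plistlib

# Constructed sample data, not from the original post: SSID, server name and UUID are placeholders.
def build_profile(server_names, anchor_uuids):
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            {"PayloadType": "com.apple.security.root",
             "PayloadUUID": "CA-UUID-PLACEHOLDER",
             "PayloadContent": b"DER bytes of the private CA certificate"},
            {"PayloadType": "com.apple.wifi.managed",
             "SSID_STR": "example-campus",
             "EncryptionType": "WPA2",
             "EAPClientConfiguration": {
                 "AcceptEAPTypes": [25],  # PEAP
                 "TLSTrustedServerNames": server_names,
                 "PayloadCertificateAnchorUUID": anchor_uuids}},
        ],
    })

CERT_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1", "com.apple.security.pem"}

def audit_wifi_profile(profile_bytes):
    """Return findings for 802.1X Wi-Fi payloads that do not pin the full triplet."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    cert_uuids = {p.get("PayloadUUID") for p in payloads if p.get("PayloadType") in CERT_TYPES}
    findings = []
    for p in payloads:
        eap = p.get("EAPClientConfiguration")
        if p.get("PayloadType") != "com.apple.wifi.managed" or eap is None:
            continue  # not an 802.1X network payload
        ssid = p.get("SSID_STR") or "<no SSID>"
        if not p.get("SSID_STR"):
            findings.append(f"{ssid}: SSID not set")
        if not eap.get("TLSTrustedServerNames"):
            findings.append(f"{ssid}: authentication server name not pinned")
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        if not anchors:
            findings.append(f"{ssid}: certificate authority not pinned")
        for uuid in anchors:
            if uuid not in cert_uuids:
                findings.append(f"{ssid}: anchor {uuid} matches no certificate payload in the profile")
        if eap.get("TLSAllowTrustExceptions"):
            findings.append(f"{ssid}: user may accept an untrusted server certificate")
    return findings

if __name__ == "__main__":
    print(audit_wifi_profile(build_profile(["radius.example.edu"], ["CA-UUID-PLACEHOLDER"])))
    print(audit_wifi_profile(build_profile([], [])))
```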