Re: UI for dealing with certs appears insecure

L. David Baron wrote:
> [connecting to a WPA2 enterprise network that uses a well known CA] 
> In this particular case, it seems somebody could steal my password
> if they set up a wireless network nearby with the same SSID, a
> stronger signal, and a valid cert purchased from the same CA (but
> for a different domain).  Or, if I choose the full root cert list
> for the CA (since I really don't know any other way to figure out
> what the right root CA is other than finding a friend with a Mac to
> connect to that wireless network), the attacker could use a valid
> cert from any CA.

Exactly. It's impossible to configure NetworkManager in a safe way for this
scenario. From what I've seen so far it seems other implementations aren't much
better though. I've written a paper about the issue:


 (o_   Ludwig Nussel
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]