13 Oct
2014
13 Oct
'14
4:42 p.m.
I have reported this before and got the following response back from the Android security team: "This is a feature we haven't implemented yet. The initial thought was that using a private CA is sufficient to enable lot of enterprise scenarios. While that has turned out to be true, we are realizing that users are finding it increasingly difficult to keep the CA private. There are other scenarios where a public CA must be used; and that simply doesn't work. It is on our roadmap to enable full security for EAP-TLS - but I can't commit to a date for its release." I suggest people write to security@android.com to add further weight to this issue if it affects them. Nick