2 Apr
2019
2 Apr
'19
10:01 a.m.
Hi As Sebastian already wrote (as I was writing this message), many eduroam institutions - at least european ones for what I can confirm - offer preconfigured profiles or install wizards through the eduroam CAT service. These profiles will often both set CA the supplicant should trust and the server (CN) it should verify: https://cat.eduroam.org/ * This does not prevent users from manually configuring their supplicant and ignore both CA and CN name on the certificate thus ending up with an potentially insecure configuration exposing them to the scenario you described. CAT makes things often easier for end-users and protects them against individual misconfiguration, but we can't stop users from hurting themselves either. ;-) -- Mathieu