Cert validation on Android platforms

Nick Lowe nick.lowe at gmail.com
Mon Oct 13 22:42:51 CEST 2014


I have reported this before and got the following response back from
the Android security team:

"This is a feature we haven't implemented yet. The initial thought was
that using a private CA is sufficient to enable a lot of enterprise
scenarios. While that has turned out to be true, we are realizing that
users are finding it increasingly difficult to keep the CA private.
There are other scenarios where a public CA must be used; and that
simply doesn't work. It is on our roadmap to enable full security for
EAP-TLS - but I can't commit to a date for its release."

I suggest people write to security at android.com to add further weight
to this issue if it affects them.

Nick

