[Joe] It seems there is a lot of complexity here. It seems that being able to validate the server's root would be sufficient in most cases. At least there is some trust chain back a server, validating the SSID at this point does not seem to add too much.
Assuming that the selected SSID advertising Emergency Sevices has no pre-existing profile, I would agree that validating the server certificate to some set of trust anchors (that may be specific to emergency services) is sufficient.
If we are talking about a pre-existing profile, then the authentication policy for that profile should still be enforced. For example, an attacker shouldn't be able to trick a victim into abandoning an existing profile just by advertising "Emergency Services" capability along with the SSID. After all, the existing profile may require use of a different EAP method, set of trust anchors, etc.
_______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
