Brian Julin wrote: > Slightly OT, but I'd like to encourage folks here who have a google > account to "star" > up issue #37178 on code.google.com to see if we cannot get Android > developers to make > future versions of the OS behave sanely WRT which AAA server > certificates they will accept.
Making things work is always on topic. Publicly shaming vendors who get RADIUS wrong is always on topic. > I also left a long screed there about what the optimal behavior might be > which some > here might like to comment on. I'd suggest putting up a web page explaining how you can steal android credentials via a malicious AP. If you can get it to do TTLS + PAP for a random certificate, that's good for a CERT issue. And they'll pay attention to that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
