https://bugs.kde.org/show_bug.cgi?id=514986
--- Comment #2 from [email protected] --- (In reply to Albert Astals Cid from comment #1) > Not a wifi expert so bear with me if i am saying stupid things. > > Isn't this a misconfiguration issue on the user side? Normally, checking any server certificate (take HTTPS for example) is done either by the application (web browser) or the system itself using trusted CA certificate anchors within the system or the app. It's out of scope for a normal user. So a normal user may assume that the certificate checking is done properly unless the UI of the application explicitly warns that it doesn't or can't (e.g. SSL cert errors in browsers). Hence a normal user configuring a PEAP or TTLS wifi connection may in good faith assume that RADIUS server certificates are checked, unless they are warned otherwise. If I'm not mistaken, Gnome only accepts all RADIUS certs if the "Ignore CA" checkbox (or something along those lines) in the configuration dialogue is checked. The UI does not warn that when not configuring an explicit CA file, the supplicant will accept all RADIUS certs. This is a problem, it's not at all transparent for the user. Especially since they're used to all other apps (email, browser etc.) naturally check certificates properly. -- You are receiving this mail because: You are watching all bug changes.
