Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

I've watched this thread with interest, but it went on rather a divergent course so I'll just reply to this initial one (somewhat belatedly). So Andrew's original below is about https://support.apple.com/en-gb/HT211025, and true enough that's applicable for pre-installed root CAs, so those

Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

On 20/8/20 1:01 am, Smith, Todd wrote: > If I come onto your institution then I would have to accept your > certificate chain to be granted access.  Why should I trust your chain > over a major CA provider?  Obviously, you have the control and authority > to insist on whatever access conditions

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

significantly smaller. Jeff From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Tim Cappalli Sent: Wednesday, August 19, 2020 2:01 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? I

Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

nt:* Wednesday, August 19, 2020 4:45:27 PM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > *Subject:* Re: [WIRELESS-LAN] New certificate expiration for certificates > affecting 802.1X? > > Tim commented: > ...I highly doubt a majority of organ

Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

equ...@listserv.educause.edu> Sent: Wednesday, August 19, 2020 4:45:27 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? Tim commented: ...I highly doubt a majority of organizations have every single non-Wi-Fi resource pro

Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

Tim commented: ...I highly doubt a majority of organizations have every single non-Wi-Fi resource protected with strong MFA at this point in time. In our case, we use PEAP and use the same PW for WiFi as for everything else, but most of everything else (and growing) requires MFA. I hope that's

Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Tim Cappalli Sent: Wednesday, August 19, 2020 9:43 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? My old colleagues likely won’t be happy with me

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

SE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? Tim, Isn’t it easier for a bad actor to pull user/passwords from the various online compromised credential databases, then collect them from W

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

. Sessler<mailto:j...@scrippscollege.edu> Sent: Wednesday, August 19, 2020 13:38 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? For a student population th

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

19, 2020 9:43 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? My old colleagues likely won’t be happy with me saying this, but given the industry changes, I think you should collectively pressure NAC vendors

RE: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

; Sent: Wednesday, August 19, 2020 13:23 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? Tim, Thank you for your response. The issu

RE: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

, August 19, 2020 1:12 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? The core difference is a user or device password cannot be compromised when modern authentication is used

RE: [WIRELESS-LAN] [EXTERNAL] Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

RV.EDUCAUSE.EDU>] On Behalf Of Tim Cappalli Sent: Wednesday, August 19, 2020 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? Correct, some versions of operatin

RE: [EXTERNAL] Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

i Sent: Wednesday, August 19, 2020 11:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? Correct, some versions of operating systems do not support a self-signed EAP server

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

:ty...@beloit.edu> Sent: Wednesday, August 19, 2020 12:39 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? Yes, I always find this conversation to be interesting. Th

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

@LISTSERV.EDUCAUSE.EDU *Subject: *Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? Hi Tim, Can you please further elaborate the issues with self-signed certs vs private CA signed certs besides the manageability stuffs? I understand some OSes cannot connect

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

SS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? Hi Tim, Can you please further elaborate the issues with self-signed certs vs private CA signed certs besides the manageabilit

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Mike Atkins Sent: Wednesday, August 19, 2020 11:51 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? CAUTION: This email originated from outside

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

Wireless Issues Community Group Listserv < WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> *On Behalf Of *Tim Cappalli *Sent:* Wednesday, August 19, 2020 11:34 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

nesday, August 19, 2020 11:31 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? Tim, We use the public certificates for users that do not use our onboarding utility. We use a

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

posure is not a concern). Tim *From: *Mike Atkins *Sent: *Wednesday, August 19, 2020 10:34 *To: *WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject: *Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? We were burnt last December by an updated cert with the same cert chain and

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

). Tim From: Mike Atkins<mailto:matk...@nd.edu> Sent: Wednesday, August 19, 2020 10:34 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? We were burnt l

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

witter -Original Message- From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Tim Tyler Sent: Wednesday, August 19, 2020 8:45 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X? [T

Re: [External] Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

Every day I am more and more thankful that we migrated off of InCommon for dot1X. We slid right under the door for all this Apple stuff. Life has never been better on our private CA. On Wed, Aug 19, 2020 at 08:42 Andrew Gallo < 01d1fb3cd70a-dmarc-requ...@listserv.educause.edu> wrote: >

RE: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

I was told by Sertigo that all commercial certs would be affected. We just bought the last 2 year expirations we could get away with for both 802.1x and https. The reason I am told has to do with so many smaller establishments that go out of business before their cert expires leaving the cert as

Re: [WIRELESS-LAN] New certificate expiration for certificates affecting 802.1X?

Google’s announcement was for Chrome so it is not clear whether there will be a change in Android. Apple’s announcement is system-wide on macOS and iOS. But keep in mind it does not apply to non-public CAs, which are the only trust chains that should be used for EAP. tim