Alan DeKok <[email protected]> wrote:
> One of my colleagues, Arran Cudbard-Bell, wrote a cute tool a few years
> ago. It would pretend to be a WiFi hotspot. Then when systems tried
> to do EAP, it would strip the realm from the EAP identity. It would
> then use HTTPS to connect to a web server for that realm, and download
> that HTTPS server cert. That cert would then be cloned under a new
> "self signed" CA, and the cloned cert presented to the user.

Why did you need the HTTPS server cert?
Did you need the OIDs, and stuff out of it?
Why wasn't the realm name enough to make the imposter cert from the
non-authorized CA?

I'm just trying to understand how the HTTPS cert is involved here.

--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide

_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
