There seems to be a big issue with the implementation of EAP-TTLS in its actual form. The list of certificate seems to be empty. It is therefore pretty hard for an user to select the proper tls certificate. Nonetheless, It is mandatory, for the proper implementation of tls, that the CA of the certificate is checked. It let every single android phone vulnerable to a MITM. What can the community do about this ? Or what can I do about this ?
-- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
