undefined | Better HN

0 pointsplanb14y ago0 comments

No, you don't. Installing a root ca an iOS device is as easy as sending it via mail to the device and then clicking on it (with a few more clicks to confirm).

edit (because I can't reply): It does show a big warning and you have to enter the device unlock code to do this, so it should be reasonably safe.

0 comments

hmottestad14y ago

Hmm. That sounds like a big security hole. Phishing attacks in particular. Though I guess the extra clicks should discourage users.

LaGrange14y ago

It is necessary — some places have custom non-public CA's, for things like S/MIME and internal servers.

On the other hand, I'm pretty sure Siri doesn't have to communicate with your company's internal servers (and my paranoia already suggests a malicious IT department, reckless — and probably illegal — as that would be), so the code should, in my opinion, accept only specific CAs.

hmottestad14y ago

Compartmentalization would make sense. Installing a root CA in the email app would only work for the email app.

j / k navigate · click thread line to collapse

0 pointsplanb14y ago0 comments

No, you don't. Installing a root ca an iOS device is as easy as sending it via mail to the device and then clicking on it (with a few more clicks to confirm).

edit (because I can't reply): It does show a big warning and you have to enter the device unlock code to do this, so it should be reasonably safe.

0 comments

hmottestad14y ago

Hmm. That sounds like a big security hole. Phishing attacks in particular. Though I guess the extra clicks should discourage users.

LaGrange14y ago

It is necessary — some places have custom non-public CA's, for things like S/MIME and internal servers.

hmottestad14y ago

Compartmentalization would make sense. Installing a root CA in the email app would only work for the email app.

j / k navigate · click thread line to collapse