Hi, I've read the Certificate Transparency policy requirements to be implemented starting 15th Oct, 2018. As written, this requirement should only affect "Publicly-trusted Transport Layer Security (TLS) server authentication certificates", but I still have a couple of points that are not completely clear to me.
- End-user certificates for Exchange ActiveSync authentication. In this case I assume only the Exchange server HTTPS connection certificate would be affected and the client certificate authentication would not be checked for CT conformity, right?
- Would CT affect TLS connections for Email protocols - IMAP/POP/SMTP?
- Would CT affect Wi-Fi (e.g., EAP-TLS) and VPN authentication setups?
- Would CT affect MDM servers and more precisly the case where MDM servers are signing payloads with a certificate before sending them to the device. The device would need to verify the signature of a payload, but would it also verify that the signing certificate conforms to the CT policy?
Would be very glad if someone sheds some light on these questions.
The article you referenced was made by Apple Support, and all of your questions are about built-in system components rather than API. Given that, I recommend your ask your question over in Apple Support Communities, run by Apple Support, rather that here in the Developer Forums.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"