No way for user to remove CAs from Trust Store
| Originator: | pepi.zawodsky | | |
| Number: | rdar://18708207 | Date Originated: | 20-Oct-2014 05:56 PM |
| Status: | Open | Resolved: | |
| Product: | iOS | Product Version: | Any, including 8.0.x, 8.1.x |
| Classification: | Security | Reproducible: | Always |
Summary: No way for user to remove CAs from Trust Store

Steps to Reproduce: Search in Settings.app for a way to configure the trust store of iOS.

Expected Results: There should be a list of iOS trusted Root CAs that can be configured by the user to disable compromised and distrusted CAs at any time to reduce reaction time in case.

Actual Results: While there is an indicator with the version of the Trust store used on the device, there is absolutely no way to disable any root CA installed on the device.

Regression: This has never been the case in iOS, unlike OS X, where this is possible with Keychain.app. This has always been a security issue in iOS.

Notes: A way to manage the trust store for IT departments and users is severely needed.