Comment by kps
4 years ago
So you can't use a computer on an airgapped network? That seems counterproductive if the objective is security.
4 years ago
So you can't use a computer on an airgapped network? That seems counterproductive if the objective is security.
If your computer is actually airgapped and has no networking interfaces configured, you won't have this issue.
If your computer is able to resolve DNS for ocsp.apple.com but to connection-timeout all traffic, yes, you could possibly reproduce today's issue.
Airgapped network — an IP LAN not connected to the internet. These do exist, sometimes permanently for security reasons, and sometimes just where external connectivity sucks but you still want your laptop to talk to your NAS.
The point stands: if you allow a host to resolve ocsp.apple.com to an unresponsive (timeout) address, it might break macOS the same as today — whether by air gap, by firewall, or who knows what else.
Agreed. These are really useful in various settings, but seem to be outside of most people's experience.