eduroam Development VC Minutes 2024-10-08 1530 CEST

Attendance

Attendees

  • Stefan Winter (Restena)
  • Stefan Paetow (Jisc - coming to you live from the WGC)
  • Paul Dekkers (SURF - next to Stefan at WGC)
  • Ed Kingscote (CANARIE)
  • Derek Eiler (NSHE)
  • Mike Zawacki (Internet2)
  • Christian Rohrer (Switch)
  • Tomasz Wolniewicz (PSNC)
  • Alan DeKok (FreeRADIUS)
  • Zbigniew Ołtuszyk (PSNC)
  • Louis Twomey (HEAnet)
  • Anders Nilsson (SUNET)
  • Fabian Mauchle (Switch)
  • Frederic Gerber (Switch)
  • Maja Górecka-Wolniewicz (PSNC)
  • Wenche Backman-Kamila (CSC/Funet)
  • Guy Halse (TENET), late
  • Ed Wincott (Jisc), late

Regrets

  • Zenon Mousmoulas (GRNET)
  • Janfred Rieckers (DFN)

Agenda / Proceedings

  1. Welcome / Agenda Bashing

  2. WPA3 no-transition for eduroam

    • testing from TNC presentation 2024 showed very good compatibility
    • we still suggest WPA2/3 Transition Mode
    • can we level up to suggest WPA3 (pure)?
    • Safe to do so on new deployments; as it can’t possibly DoS any existing users
    • small hiccups can’t be excluded (both ways - with and without transition mode); but can be worth it
    • not necessary to make WPA3 mandatory - no significant attacks on it yet, and not everybody has WPA3 equipment
    • We should make clear the “transition-complete” flag is NEVER set
    • cross-check with the eduroam Service Definition - is it (currently) okay to do WPA3-only?
    • Everyone is invited to test (oldish) devices for their WPA3 compatibility (i.e. support for PMF)

  3. Portnox update

    • company listening to the needs of our community
    • Jisc working with them for testing of functionalities
    • Hopefully Jisc are able to make things work which should make life easier for existing customer in .ca

  4. OpenRoaming / WBA Meeting update

    • meeting currently happening, hot-off-the-press news
    • meetings with Cisco, Google, all very productive
    • Interest in testing with eduroam, and working on the list of issues we see
    • discussions with WBA around becoming an I-CA for IdP and ANP are still continuing (rules are being revised)
    • even without I-CA: possible to issue certs as an agent
    • you can now register your interest (best to get certs after 2 Dec, as the root rolls over at that time)
    • what is the scope for issuing? NROs only? Issue certs to institutions? Individually, or only after approval by NRO.

  5. NRO Update

    • Chris Philipps is no longer an NRO admin for .ca

  6. AOB1

    • IETF radext interim meeting tonight (20:00 CEST)

  7. AOB2

    • geteduroam: redirect profile question
    • this is about redirects NOT to the geteduroam portal, but a third-party website.
    • geteduroam app seems not to open a browser to that URL
    • error was reproducible in VC (Android), Paul takes it to the devs
    • How to report issues like this? Slack, GitHub Issues, talking to Paul, all work.

  8. Next VC

    • 22 Oct 2024, 1530 CEST
  • No labels