eduroam Dev VC, 26 June 2018, 1530 CEST
============
Attendees
-----------
Ingimar Jonsson, RHnet .is
Miroslav Milinovic, Srce/CARNET
Stefan Winter, RESTENA
Tomasz Wolniewicz, PSNC
Maja Górecka-Wolniewicz, PSNC
Mike Zawacki, Internet2
Martin Stanislav, SANET
Pedro Simões, FCCN
Tsotne Gozalishvili, GRENA
Apologies
----------
Zenon Mousmoulas, GRNET
Agenda
---------
0) Audio engineering ;)
1) Welcome, agenda bashing
2) Wi-Fi Alliance's Wi-Fi CERTIFIED WPA3(tm) Security
WPA3 includes changes to WPA-Personal and WPA-Enterprise; the changes to Open networks announced earlier in a press release are not part of it - there is a separate Wi-Fi CERTIFIED Enhanced Open for that (but that's irrelevant to eduroam)
PMF: can be Off, Supported or Required -> Supported is minimum for WPA3
WPA: WPA1 has to be turned off for WPA3 compliance
This is a true equivalence: there is no beacon indication or other on-the-wire difference; a network with WPA2 + PMF support and without WPA1 support will be shown on client devices as "This is a WPA3 network"
WPA3-Enterprise with 192-Bit Security
no backwards compatibility: if you enable this mode, the SSID is not allowed to support any other mode
RADIUS/EAP servers need TLS 1.2 and long server keys; the majority of IdPs are not currently up to the task
It is probably a good idea to do two things in parallel
a) SPs please do not turn this on
b) IdPs upgrade your RADIUS/EAP server just in case someone turns it on or we change the approach
It is important to note that there is no "just turn it on" for SPs - if they turn it on on the standard SSID, they break all legacy -> bad; if they turn it on on a new SSID then we'd need some clarity on what the new SSID is
maybe a way forward is to state "DO NOT turn it on; but if you really want to, at least use the standardised SSID X" for some value of X
Everybody is encouraged to turn on PMF and off WPA1, and report about experiences.
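The WPA3 conditions from item 2 (PMF at least Supported, WPA1 off, 192-bit mode alone on its SSID) as a check over access point settings. This is an added example, not part of the original minutes; the use of hostapd and its option names (wpa, ieee80211w, wpa_key_mgmt) is an assumption, and both sample configurations are constructed.

```python
# Added example: hostapd option names are an assumption (the minutes name no AP software).
PMF_STATES = {0: "Off", 1: "Supported", 2: "Required"}  # hostapd ieee80211w values

def parse_conf(text):
    """Parse hostapd-style key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_ssid(conf):
    """Return (meets_wpa3_conditions, findings) for one SSID's settings."""
    findings = []
    wpa = int(conf.get("wpa", "0"))          # bit 0 = WPA1, bit 1 = WPA2 (RSN)
    pmf = int(conf.get("ieee80211w", "0"))   # unset means PMF disabled
    akms = conf.get("wpa_key_mgmt", "").split()
    if wpa & 1:
        findings.append("WPA1 is enabled: turn it off")
    if not wpa & 2:
        findings.append("WPA2 (RSN) is not enabled")
    if pmf < 1:
        findings.append(f"PMF is {PMF_STATES.get(pmf, 'invalid')}: set it to Supported or Required")
    if "WPA-EAP-SUITE-B-192" in akms:
        findings.append("192-bit mode is on: no other mode may share this SSID")
    return (wpa == 2 and pmf >= 1), findings

LEGACY = """# constructed sample: WPA1 and WPA2 mixed, PMF off
ssid=eduroam
wpa=3
wpa_key_mgmt=WPA-EAP
ieee80211w=0
"""
UPDATED = """# constructed sample: WPA2 only, PMF supported
ssid=eduroam
wpa=2
wpa_key_mgmt=WPA-EAP
ieee80211w=1
"""

if __name__ == "__main__":
    for name, text in (("legacy", LEGACY), ("updated", UPDATED)):
        ok, findings = check_ssid(parse_conf(text))
        print(name, "meets WPA3 conditions" if ok else "does not meet WPA3 conditions", findings)
```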
3) WBA webinar on "Dynamic Roaming"
Please see mail on mailing list (and mobility) - SW will attend recording; meeting clash on Wednesday.
4) eduroam CAT and Managed IdP: update regarding beta1 and move to production
beta1 slightly delayed; still waiting for Android app to catch up with server-side updates
GEANT Project Management officially signed off "Transition to Production" phase
5) AOB, next VC
according to schedule: 10 July 2018, 1530 CEST