eduroam Development VC Minutes 2021-12-07 1530 CET

Attendance

Attendees

• Stefan Winter (Restena)
• Mike Zawacki (Internet2)
• Arnaud Lauriou (RENATER)
• Tomasz Wolniewicz (PSNC)
• Geoffroy Arnoud (RENATER)
• Maja Gorecka-Wolniewicz (PSNC)
• Zbigniew Ołtuszyk (PSNC)
• Anders Nilsson (SUNET)
• Stephanie Cooper (ANYROAM)
• Chad Bauer (ANYROAM)
• Thomas Bärecke (SWITCH)
• Dubravko Penezic (Srce)
• Wenche Backman-Kamila (CSC/Funet)

Regrets

• Zenon Mousmoulas (GRNET)
• Chris Phillips (CANARIE)
• Janos Mohacsi (KIFU)
• Hideaki Goto (Tohoku University/NII)
• Christian Rohrer (SWITCH)

Agenda / Proceedings

1. Welcome / Agenda Bashing

2. MAC Address randomization “Reloaded”

   • after discussion with ZA rep, MAC address randomisation doesn’t seem to be much of a hardware / AP issue there. Aspects like (not any more) being able to detect credential sharing abuse etc. is much more a concern
   • Tongue in cheek: is Tomasz’s Meru hardware problem maybe the only brand/model out there with these issues? Can we just move on and keep MAC address randomization on?
   • did StefanP have another specimen of hardware not doing this properly last time? -> please tell the mailing list

3. Proxy Settings documentation

   • https://wiki.geant.org/display/H2eduroam/eduroam+SP “Proxy Settings”
   • (also had a GEANT/CAT issue raised about this: https://github.com/GEANT/CAT/issues/228)

4. WPA3 - causing issues?

   • Reminder:
     • WPA2 without Protected Management Frames => “WPA2”
     • WPA2 with optional Protected Management Frames => “WPA3 Transitional” “WPA2/WPA3”
     • WPA2 with mandatory Protected Management Frames => “WPA3 Only”
   • If you had PMF-capable WPA2 hotspots before, you also had WPA3 hardware without knowing it.
   • You could have turned on PMFs for years; and would get the same problems you now get when setting WPA3 modes.
   • Those problems would be only with clients that do NOT understand PMFs.
   • I.e. nothing new really. New labels for old things.
   • (And so, unsurprisingly, there is no difference in installer vocabulary to support WPA3)
   • WPA2/3 transitional has been seen working nicely in the field, should be safe.
   • Please try it out and report if there are significant issues with it.

5. CAT 2.1

   • cat-test is set up, Tomasz will report about it on the list
   • Managed SP deployment is migrating from CentOS 8 to Rocky Linux, which is a rocky experience (it got off to a rocky start)

6. AOB / Next VC

   • 21 dec 2021, 1530 CET