eduroam Development VC Minutes 2023-04-11 1530 CEST

Attendance

Attendees

  • Stefan Winter (Restena)
  • Stefan Paetow (Jisc)
  • Zenon Mousmoulas (GRNET)
  • Guy Halse (TENET)
  • Mike Zawacki (Internet2)
  • Christian Rohrer (SWITCH)
  • Janfred Rieckers (DFN)
  • Chris Phillips (CANARIE)
  • Ed Wincott (Jisc)
  • Maxime Houlbert (Renater)
  • Maja Górecka-Wolniewicz (PSNC)
  • Janos Mohacsi (KIFÜ)

Regrets

Agenda / Proceedings

  1. Welcome / Agenda Bashing

  2. insight / comments on technical roadmap for CAT/MSP-pilot

    • Managed IdP: delivers EAP-TLS credentials, for those without a SAML or OIDC IdP
    • geteduroam-TLS-credentials: delivers EAP-TLS credentials, for those with such an IdP
    • geteduroam.app: for everyone needing to onboard eduroam users, be it EAP-TLS or any other EAP type
    • Managed SP: its pilot-ness seems to be a deterrent to adoption - some NRENs would need to move at a faster rate
    • Can GEANT turn Managed SP into production? Or should NRENs deploy on their own?
    • In general, questions about roadmap: where do products go, at what pace, where is the priority?
  3. Update regarding malformed EAP packets?

    • some updates. Apparently a NAS receives correct client data, but mis-packages it into RADIUS / EAP-Message
  4. PEAP / TLS 1.3 / Session Resumption not working?

    • get in touch with StefanW, there are things to test.
    • test case would be Win 11 22H2+, PEAP, TLS 1.3, Session resumption enabled
    • (From Mike/I2 - the eduroam US Advisory Committee is looking at this issue as well. Happy to coordinate with this group and/or see if we can help advocate w/MS)
  5. RADIUS/TLS in FreeRADIUS

    • now working glitch-free
  6. EAP-FIDO update?

  7. IETF business

    • The RADEXT WG has been re-chartered.
    • Experimental RFCs for RADSEC and DTLS are to be moved to proposed track (but shouldn’t change)
    • Work in progress to deprecate/discourage ‘classic’ RADIUS (RADIUS over UDP), to be used internally inside orgs only
      • Externals should be using RADSEC/DTLS
    • Work in progress to change mechanisms for Message-Authenticator from MD5 to something more substantial
    • https://datatracker.ietf.org/wg/radext/about/
    • There will be an interim meeting in May, everyone is open to join.
  8. Recurring OpenRoaming chitchat

    • StefanP was meant to talk about OpenRoaming at TNC Mobility Day, but may need to attend remotely
  9. AOB / next VC (25 Apr 2022 1530 CEST)?

    • please test radsecproxy RC