eduroam Development VC Minutes 2023-10-24 1530 CEST

Attendance

Attendees

  • Stefan Winter (Restena)
  • Tomasz Wolniewicz (PSNC)
  • Anders Nilsson (SUNET) at WLPC in Prague but joining :)
  • Brian Epstein (he/him) (IAS.edu)
  • Zbigniew Ołtuszyk (PSNC)
  • Maja Górecka-Wolniewicz (PSNC)
  • Guy Halse (TENET)
  • Mike Zawacki (Internet2)
  • Maxime Houlbert (Renater)
  • Ed Kingscote (CANARIE)
  • Mohit Sharma (CANARIE)
  • Chris Phillips (CANARIE)
  • Ed Wincott (Jisc)
  • Janfred Rieckers (DFN)
  • Louis Twomey (HEAnet)
  • Janos Mohacsi (KIFÜ)

Regrets

  • Zenon Mousmoulas (GRNET)
  • Paul Dekkers (SURF) - at the WBA conf ;-)
  • Stefan Paetow (Jisc) - on hols, but messing with OR
  • Hideaki Goto (Tohoku University) - also at the WBA conf ;-)

Agenda / Proceedings

  1. Welcome / Agenda Bashing

  2. CAT 2.1.1 maintenance release

    • plan for deployment on 2 Nov 2023

    • change to underlying OS and VM; process will need a longer downtime than usual - aim is 1h

    • (test installation at cat-ams-new.eduroam.org; database is not current)

    • hosted.eduroam.org to follow later on (investigate re-configuration to be the web part of Managed IdP and SP)

    • performance issues with huge authentication logs

    • working off of release_2_1 branch

  3. geteduroam apps

    • profile names differ between geteduroam-generated vs. CAT-generated
    • Do people hate the “®” in the Windows installer? It can be removed if so. (upvote +1)
    • Reminder from Wenche that geteduroam is happy to receive funding
  4. IETF / EAP-FIDO update

  • New RADIUS/(D)TLS-bis draft, now a Working Group draft https://datatracker.ietf.org/doc/draft-ietf-radext-radiusdtls-bis/
    • PSK best practices in the making
    • deprecating UDP/unencrypted transport following after
    • in RADIUSEXT wg
  • EAP-FIDO draft published: https://datatracker.ietf.org/doc/draft-janfred-eap-fido/
    • WebPKI as default trust anchor
    • enables “just one string” configuration
    • in EMU wg
    • side meeting on 6 Nov 6pm (remote attendance will be possible, free)
  • all nice and good but: when will this be implemented in reality?
    • this is a known problem, we are doing our best
    • some vendors present at IETF and willing to implement; once some support is out there, finger-pointing at the rest could be a way
    • can skin it as an analogue to HTTP vs. HTTPS
  5. Recurring OpenRoaming chitchat

    • RCOI calculator: https://wireless-broadband-alliance.github.io/OR-rcoi-config/
    • Delhaize: doesn’t do OpenRoaming (allegedly only beacons the old Cisco 004096 ECOI that no contemporary Wi-Fi client will recognise or use; to be verified)
      • StefanP: Delhaize does do OR, but only with the 004096 RCOI, not the new ones. Google devices (so Pixel etc) appear to recognise the legacy RCOI, Samsung does not. Will be good to check other Delhaize locations for the same problem (the two .LU locations are likely a good idea for StefanW given his proximity to them).
    • With a (working…) Delhaize config, this becomes a compelling use case for LU
    • Does OpenRoaming solve the “overlapping SSID problem”?
      • if all hotspots use distinct SSIDs, sure
      • if hotspots happen to operate on the same SSID (even though there’s no need to), maybe not
  6. AOB / next VC 21 Nov 2023 CET
