Introduction
Every year, around December, the eduGAIN CSIRT runs a challenge to assess a critical part of the eduGAIN communication infrastructure: the security contacts of the eduGAIN Participants, where available. The security contacts' email addresses were retrieved from the eduGAIN Database using the APIs published on the technical site. The procedure used to collect the email addresses is available on the GEANT GitLab:
The security contacts are stored in the eduGAIN Database and can be consulted on the Member Federations page:
https://technical.edugain.org/status
Participants
In the eduGAIN Communication Challenge 2024-12, 48 eduGAIN Participants have been challenged:
- AAF
- AAI-EDUHR
- ACONET
- AZSCINET
- BELNET
- BIF
- CAF
- CAFE
- CARSI
- CYNET-IF
- DFN-AAI
- EDUID-AFRICA
- EDUID-CZ
- EDUID-HU
- EDUID-NG
- FENIX
- FER
- GAKUNIN
- GRNET
- HAKA
- IDEM
- INCOMMON
- IRFED
- LAIFE
- LEAF
- LITNET-FEDI
- LK-LIAF
- OMREN
- PIONIER-ID
- RAFIKI
- RCTSAAI
- RIF
- ROEDUNETID
- SA-MIF
- SAFEID
- SAFIRE
- SIF
- SIFULAN
- SIR
- SURFCONEXT
- SWAMID
- SWITCHAAI
- TAAT
- THAILDF
- TIGERFED
- TUAKIRI
- UK-FEDERATION
- WAYF
eduGAIN participants that didn't communicate their security contacts were excluded from the challenge.
Challenge timeline
To guarantee equal conditions for all participants regardless of their time zone, the security contacts were challenged using a randomized timeline, so each contact was challenged at a different time.
- 2024-11-25T23:16:09Z+00:00 - Start of the challenge.
- 2024-11-26T19:54:12Z+00:00 - End of the challenge.
- 2024-12-04 - Public report available (this wiki page).
What was assessed
- That the provided security contact is a well-formed email address.
- That the provided email address is not bouncing.
- That the recipients of the security contact are reading the mailbox and follow the link provided to confirm that the email address is still valid for the purpose.
The reaction time, meaning the time elapsed between the sending of the challenge and the click on the link provided, is measured as well to assess the responsiveness of the security contacts.
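One way the three checks and the reaction-time measurement described above could be tallied, added here as an illustration and not the eduGAIN CSIRT's own tooling. The record layout, the simple address regex, the function name `assess` and all sample data are assumptions constructed for this example; the cumulative buckets are those of the report's reaction-time table.

```python
import re
from datetime import datetime, timedelta, timezone

# Cumulative buckets (hours) taken from the report's reaction-time table.
BUCKETS_H = (4, 10, 24)
# Assumption: a deliberately simple syntax check (one "@", no spaces, dotted domain).
ADDR_RE = re.compile(r"^[^@\s]+@[^@\s.]+(\.[^@\s.]+)+$")

def assess(records):
    """Summarise challenge records (hypothetical layout).

    Each record is (federation, address, sent, bounced, clicked); sent and
    clicked are timezone-aware datetimes, clicked is None if the link was
    never followed.
    """
    summary = {"malformed": [], "bounced": [], "no_reaction": [],
               "reacted": 0, "within": {h: 0 for h in BUCKETS_H}}
    for fed, addr, sent, bounced, clicked in records:
        if not ADDR_RE.match(addr):
            summary["malformed"].append(fed)      # check 1: well-formed address
        elif bounced:
            summary["bounced"].append(fed)        # check 2: address not bouncing
        elif clicked is None:
            summary["no_reaction"].append(fed)    # check 3: link never followed
        else:
            # Reaction time is measured from each contact's own send time,
            # which keeps results comparable under a randomized timeline.
            delta = clicked - sent
            summary["reacted"] += 1
            for h in BUCKETS_H:
                if delta < timedelta(hours=h):
                    summary["within"][h] += 1
    return summary

# Constructed sample data; federation names and addresses are placeholders.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
H = lambda n: timedelta(hours=n)
SAMPLE = [
    ("FED-A", "security@fed-a.example", T0, False, T0 + H(1)),
    ("FED-B", "csirt@fed-b.example", T0 + H(7), False, T0 + H(15)),
    ("FED-C", "abuse@fed-c.example", T0 + H(3), False, T0 + H(40)),
    ("FED-D", "security at fed-d.example", T0, False, None),
    ("FED-E", "sec@fed-e.example", T0, True, None),
    ("FED-F", "sec@fed-f.example", T0, False, None),
]

if __name__ == "__main__":
    print(assess(SAMPLE))
```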
Results
Responses
Assuming that all contacted participants received the challenge e-mail and understood what action was expected from them, we had the following results: 75% success rate, in absolute numbers 36 participants out of 48 have reacted within the challenge time frame (5 days). These results are in line with the eduGAIN CommsChallenge2022-12 Results, though slightly worse.
37 participants (77 %) have reacted
48 participants have been challenged
34 participants (71 %) have reacted within 24 h
Reaction times
The graph above shows that all reactions were recorded within 140 hours, with the vast majority within 24 hours. Almost all time zones were covered in this global exercise, and although the time at which each contact was challenged was random, the reaction times do not differ wildly from last year's results. Overall, the results are quite good and show that the security contact addresses of the participants are monitored during out-of-office hours.
Time | Respondents |
---|---|
< 4h | 30 |
< 10h | 32 |
< 24h | 34 |
Non answering contacts
The following eduGAIN participants did not answer the challenge.
Federation | Additional response/clarification |
---|---|
CAFE | |
EFIS | |
HAKA | |
IRFED | |
LITNET-FEDI | |
LK-LIAF | |
SA-MIF | |
SAFEID | |
SIF | |
SWAMID | |
THAILDF | |
TIGERFED | |
Follow Up
The participants that have not reacted to the challenge will be contacted by the eduGAIN CSIRT to understand what did not work in the current run.