eduroam Development VC Minutes 2024-12-03 1530 CET

Attendance

Attendees

  • Stefan Winter (Restena)
  • Anders Nilsson (SUNET)
  • Tomasz Wolniewicz (PSNC)
  • Stefan Paetow (Jisc)
  • Maja Górecka-Wolniewicz (PSNC)
  • Zbigniew Ołtuszyk (PSNC)
  • Paul Dekkers (SURF)
  • Louis Twomey (HEAnet)
  • Frederic Gerber (Switch)
  • Fabian Mauchle (Switch)
  • Ed Kingscote (CANARIE)
  • Edward Wincott (Jisc - joined late)

Regrets

  • Zenon Mousmoulas (GRNET)

Agenda / Proceedings

  1. Welcome / Agenda Bashing

  2. CAT 2.1.3

    • IdP realms as keywords for DiscoJuice
    • profile ordering
    • profile duplication
    • help hints in IdP/profile editing
    • monthly download statistics
    • improved RadSec certificate management
    • multiple extensions to linux installer (in particular new openssl module support)
    • several bug fixes

  3. Fedora’s temporary dislike of (PEAP|TTLS)-MSCHAPv2

    • MSCHAPv2 makes use of MD4 in some inner workings
    • this algorithm has fallen from grace a long time ago
    • Fedora 41 wiped MD4 and thus MSCHAPv2 support from their distribution (presumably by accident)
    • fixed after bug report and OS updates
    • Microsoft themselves are fading out NTHash authentication options, but with a less aggressive timeline (next versions of Windows and Server will still have it, after that unknown)
    • MSCHAPv2 based auth might finally disappear at a mid-term point in the future
    • https://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848
    • if OS-wide MD4 goes away, one could think of custom code just for RADIUS to keep MSCHAPv2 going, without exposing the old algo system-wide

  4. radsecproxy for Windows

    • working, but still in progress
    • TLS-PSK functionality should be available
    • dynamic discovery is NOT available (effort ongoing to make it available)
    • work on making it run as a service ongoing

  5. IETF updates

    • EAP “Fido”: updates are trickling in
    • new PoC code

  6. OpenRoaming updates

    • submitted a request for TNC25 named “OpenRoaming 101”

  7. planned Workshop from Radiator and FreeRADIUS

    • week of March 11 planned (not confirmed, Alan to keep us posted)
    • radsecproxy on Windows can/will get an honourable mention

  8. Next VC

    • 17 Dec 2024, 1530 CET
  • No labels