eduroam Development VC Minutes 2021-03-30 1530 CEST

Attendance

Attendees

  • Stefan Winter (Restena)
  • Hideaki Goto (Tohoku University / Cityroam)
  • Chris Phillips (CANARIE)
  • Rafal Lawrukiewicz (CANARIE)
  • Janos Mohacsi (KIFU)
  • Zbigniew Ołtuszyk (PCSS)
  • Stefan Paetow (Jisc)
  • Stephanie Cooper (ANYROAM)
  • Philippe Hanset (ANYROAM)
  • Maja Górecka-Wolniewicz (PSNC)
  • Tomasz Wolniewicz (PSNC)

Agenda / Proceedings

  1. Welcome / Agenda Bashing
  2. The various issues with some builds of Android 11

PEAP with anonymous outer identities not working

    • vendor identified problem, patch release during Q2 2021
    • two ways out: 1) disable outer IDs in PEAP; 2) switch to EAP-TTLS

EAP-TLS with some client certificates not working

    • vendor identified problem, patch release during Q2 2021

server-side authentication failure paths for some server certificates, with several EAP types

    • not vendor specific(!)
    • Android UI config: checks server name against Subject/CN and subjectAltName:DNS (any one match is okay)
    • eduroamCAT: checks Subject/CN exclusively
    • geteduroam: checks subjectAltName:DNS exclusively
    • manual configuration via UI checks for presence in either of the two
    • -> if your CAT-configured server name is in both properties, you win; otherwise, your bad :-)
    • (Miro notes: maybe CAT realm checks should elevate a mismatch there from a WARNING to an ERROR)
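
Added example (not part of the minutes, and not code from eduroamCAT, geteduroam or Android): a pre-deployment check that reports which of the three configuration paths listed above would find a configured server name in a certificate. The input uses the dict format of Python's ssl.SSLSocket.getpeercert(); the exact, case-insensitive comparison, the function names and the sample certificates are assumptions, and the ERROR severity follows Miro's suggestion.

```python
# Added example: function names, matching rule and sample data are assumptions.

def cert_names(cert):
    """Extract Subject/CN and subjectAltName:DNS values from a dict in the
    format returned by ssl.SSLSocket.getpeercert()."""
    cns = [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]
    sans = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    return {n.lower() for n in cns}, {n.lower() for n in sans}

def check_server_name(cert, configured_name):
    """Report which configuration paths from the minutes would find the
    configured server name in the certificate."""
    cns, sans = cert_names(cert)
    name = configured_name.lower()
    in_cn, in_san = name in cns, name in sans
    result = {
        "android_ui": in_cn or in_san,  # either property is enough
        "eduroamCAT": in_cn,            # Subject/CN exclusively
        "geteduroam": in_san,           # subjectAltName:DNS exclusively
    }
    # Only a name present in both properties works on every path.
    result["severity"] = "OK" if (in_cn and in_san) else "ERROR"
    return result

# Constructed sample certificates (hypothetical names).
CN_ONLY = {"subject": ((("commonName", "radius.example.org"),),)}
SAN_ONLY = {"subject": ((("organizationName", "Example"),),),
            "subjectAltName": (("DNS", "radius.example.org"),)}
BOTH = {"subject": ((("commonName", "radius.example.org"),),),
        "subjectAltName": (("DNS", "radius.example.org"),
                           ("DNS", "radius2.example.org"))}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("SAN only", SAN_ONLY), ("both", BOTH)):
        print(label, check_server_name(cert, "radius.example.org"))
```
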

Note: Android 9 or 10 had a behaviour change in that deletion of the configuring App also deletes the config in Wi-Fi settings. This is not specific to eduroamCAT vs. geteduroam but an API decision.

  3. AOB / Next VC
  • geteduroam is governed in The Commons Conservancy https://commonsconservancy.org/
  • geteduroam should have a debug output of some sorts, at least for Android 11+ versions
  • 13 Apr 2021 1530 CEST next VC?