eduroam Development VC Minutes 2025-01-28 1600 CET

Attendance

Attendees

  • Stefan Winter (Restena)
  • Anders Nilsson (SUNET)
  • Ingimar Jonsson (RHnet IS)
  • Fabian Mauchle (Switch)
  • Stefan Paetow (Jisc)
  • Ed Wincott (Jisc)
  • Tomasz Wolniewicz (PSNC)
  • Maja Górecka-Wolniewicz (PSNC)
  • Maxime Houlbert (Renater)
  • Hideaki Goto (Tohoku University/NII)
  • Alan DeKok (FreeRADIUS)
  • Janfred Rieckers (DFN)
  • Mary Bull (Internet2)
  • Zbigniew Ołtuszyk (PSNC)
  • Louis Twomey (HEAnet)
  • Mike Zawacki (Internet2)
  • Janos Mohacsi (Pro-M - Hungarian NRO)

Regrets

  • Guy Halse (TENET)
  • Christian Rohrer (Switch)
  • Mike Zawacki (joining late)
  • Ed Kingscote (CANARIE)
  • Zenon Mousmoulas (GRNET)

Agenda / Proceedings

  1. Welcome / Happy New Year / Agenda Bashing

  2. CAT news

    • self-registration of admins, but difficult to implement
    • eduroam DB schema leaves some room for interpretation (v1: if the realm of two entries is identical, it’s the same org. v2: orgs are identified by their NRO-ID, and two orgs can have the same realm)

2b. WPA3? (followup after SG)

  • Is it still a good advice to suggest WPA2/3 transition mode?
  • If not, we should update our advisory
  • call for testing: does it work well to set WPA3-only for 5+6 GHz, with WPA2 for 2.4 only?
  • https://wiki.geant.org/pages/viewpage.action?pageId=121346200
  • Using TOFU and manual config on Windows Recent while on a WPA3 network will “lock” the config into WPA3-only - something to mention in the advisory…
  1. IETF updates
  • TLSbis is progressing
  • reverse CoA will make progress after IETF
  • Status-Realm is progressing. https://github.com/meadmaker/draft-ietf-radext-status-realm/ What do we need from it?
  • likely new document on BCP for dynamic DNS lookup. No change to the protocol, tho
  • EAP-FIDO is currently expired (due to work on masters thesis)
  1. OpenRoaming updates
  • our expertise is useful to other organisations
  • There will be a useful sideline for eduroam admins with OR experience
  1. Radsecproxy on Windows (Cygwin)
  • https://github.com/radsecproxy/radsecproxy/issues/157
  • Compiles with code copied from FreeBSD
    • OpenBSD might be similar, any users?
  • NAPTR lookups fail with unparsable response
  • Let’s see if we can do a batch file that can replace the script, but either way, we are thankful for the hard work

  1. Workshop from Radiator and FreeRADIUS
    https://radiusconference.org/

    • Technical: Radiator, radsecproxy, FreeRADIUS, Painless Security, and others will focus on proxy issues
    • Public: various presentations on WBA (how accounting is terrible), eduroam (Klaas), university, enterprise NAC, etc.

  2. Next VC

    • 11 Feb 2025, 1530 CET
  • No labels