UPDATE ......From Tuesday 8 April 2025 we have changed the way that Single Sign-on works on this wiki. Please see here for more information:
Update
eduroam Development VC Minutes 2021-12-07 1530 CET
Attendance
Attendees
- Stefan Winter (Restena)
- Mike Zawacki (Internet2)
- Arnaud Lauriou (RENATER)
- Tomasz Wolniewicz (PSNC)
- Geoffroy Arnoud (RENATER)
- Maja Gorecka-Wolniewicz (PSNC)
- Zbigniew Ołtuszyk (PSNC)
- Anders Nilsson (SUNET)
- Stephanie Cooper (ANYROAM)
- Chad Bauer (ANYROAM)
- Thomas Bärecke (SWITCH)
- Dubravko Penezic (Srce)
- Wenche Backman-Kamila (CSC/Funet)
Regrets
- Zenon Mousmoulas (GRNET)
- Chris Phillips (CANARIE)
- Janos Mohacsi (KIFU)
- Hideaki Goto (Tohoku University/NII)
- Christian Rohrer (SWITCH)
Agenda / Proceedings
Welcome / Agenda Bashing
MAC Address randomization “Reloaded”
- after discussion with ZA rep, MAC address randomisation doesn’t seem to be much of a hardware / AP issue there. Aspects like (not any more) being able to detect credential sharing abuse etc. is much more a concern
- Tongue in cheek: is Tomasz’s Meru hardware problem maybe the only brand/model out there with these issues? Can we just move on and keep MAC address randomization on?
- did StefanP have another specimen of hardware not doing this properly last time? -> please tell the mailing list
Proxy Settings documentation
- https://wiki.geant.org/display/H2eduroam/eduroam+SP “Proxy Settings”
- (also had a GEANT/CAT issue raised about this: https://github.com/GEANT/CAT/issues/228)
WPA3 - causing issues?
- Reminder:
- WPA2 without Protected Management Frames => “WPA2”
- WPA2 with optional Protected Management Frames => “WPA3 Transitional” “WPA2/WPA3”
- WPA2 with mandatory Protected Management Frames => “WPA3 Only”
- If you had PMF-capable WPA2 hotspots before, you also had WPA3 hardware without knowing it.
- You could have turned on PMFs for years; and would get the same problems you now get when setting WPA3 modes.
- Those problems would be only with clients that do NOT understand PMFs.
- I.e. nothing new really. New labels for old things.
- (And so, unsurprisingly, there is no difference in installer vocabulary to support WPA3)
- WPA2/3 transitional has been seen working nicely in the field, should be safe.
- Please try it out and report if there are significant issues with it.
- Reminder:
CAT 2.1
- cat-test is set up, Tomasz will report about it on the list
- Managed SP deployment is migrating from CentOS 8 to Rocky Linux, which is a rocky experience (it got off to a rocky start)
AOB / Next VC
- 21 dec 2021, 1530 CET