JRA3-T4 VC 16 May 2017, 1530 CEST

==============================

 

Attendees

--------------

  1. Stefan Winter, RESTENA

  2. Reimer Karlsen-Masur, DFN-CERT Services GmbH

  3. Mike Zawacki, Internet2

  4. Brook Schofield, GÉANT

  5. Maja G Wolniewicz, PSNC

  6. Zenon Mousoulas, GRNET (lost connection at 16:04 CET)

  7. Tomasz Wolniewicz, PSNC

  8. Philippe Hanset, ANYROAM

  9. Ingimar Jonsson, RHnet

  10. Miroslav Milinovic, CARNet/Srce

  11. Brian Epstein, Institute for Advanced Study

  12. Marko Eremija, AMRES

  13. Juha Hopia, Funet

  14. Arthur Petrosyan, ASNET-AM

  15. Tsotne Gozalishvili and Temur Maisuradze, GRENA

 

Apologies

--------------

 

Agenda / Proceedings

------------------------------

 

1. Welcome, agenda bashing

 

2. EAP-pwd

See mail from this morning. EAP-pwd has fewer advantages over EAP-TLS than over EAP-TTLS and PEAP. So, if you do have TLS, all is good. However, if using TTLS or PEAP, much better crypto both on storage and in-flight is now possible.

Attacks by a rogue AP are still possible unless EAP-pwd is hard-pinned as the only EAP type client-side: a rogue AP can suggest PEAP and TTLS and claim non-support for pwd. The client will then be driven to these other EAP types.
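
The downgrade described above can be modelled with a simplified EAP Request / Legacy Nak exchange (RFC 3748). This is an added example, not part of the minutes or of any project code; the server preference lists and the two supplicant profiles are constructed assumptions.

```python
# Added illustration, not from the minutes: a simplified model of EAP method
# negotiation (RFC 3748 Request / Legacy Nak). Profiles and server lists are constructed.
EAP_TYPE = {"TTLS": 21, "PEAP": 25, "PWD": 52}  # IANA EAP method type numbers

HOME_SERVER = ["PWD", "TTLS", "PEAP"]    # assumed: real IdP prefers EAP-pwd
ROGUE_AP = ["PEAP", "TTLS"]              # claims non-support for pwd, as in the minutes
LOOSE_PROFILE = ["PWD", "TTLS", "PEAP"]  # supplicant with several EAP types enabled
PINNED_PROFILE = ["PWD"]                 # supplicant hard-pinned to EAP-pwd only


def negotiate(server_offers, client_allows):
    """Return the method both sides end up running, or None on EAP-Failure."""
    if not server_offers:
        return None
    proposed = server_offers[0]
    if proposed in client_allows:
        return proposed                  # peer answers the Request directly
    # Peer sends a Legacy Nak listing the types it would accept instead;
    # the server then retries with its most-preferred type from that list.
    nak = [EAP_TYPE[m] for m in client_allows]
    for method in server_offers[1:]:
        if EAP_TYPE[method] in nak:
            return method
    return None                          # no common type: authentication fails


def is_downgrade(method):
    """True when a session was steered away from EAP-pwd to another type."""
    return method is not None and method != "PWD"


def evaluate():
    """Run every profile against every server and collect the outcomes."""
    results = {}
    for pname, profile in (("loose", LOOSE_PROFILE), ("pinned", PINNED_PROFILE)):
        for sname, server in (("home", HOME_SERVER), ("rogue", ROGUE_AP)):
            results[(pname, sname)] = negotiate(server, profile)
    return results


if __name__ == "__main__":
    for (pname, sname), method in evaluate().items():
        note = "DOWNGRADED" if is_downgrade(method) else "ok"
        print(f"{pname:6} profile vs {sname:5} server -> {method} ({note})")
```

With the pinned profile the exchange against the rogue AP ends with no common method, so the client fails to connect rather than running PEAP or TTLS.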

 

3. Windows 10 "funny" new behaviour after Creators Update

 

TTLS after Creators Update is behaving erratically. It sometimes works, but most of the time it does not, regardless of whether it is configured via CAT or any other means.

 

One way out might be to serve GEANTlink with Win10 installers. Better to act quickly, otherwise people will resort to “no config and security at all -> I can connect”. Needs testing though.

 

4. Managed IdP: a preview on the next push to cat-pilot

    * client cert login feature: shouldn't this better be disabled?

    * contract with app developer signed by GEANT -> Android support coming soon

 

(adjourned due to Lifesize connectivity issues)

 

5. AOB / Next VC

  * 30 May is TNC17, no VC

  * 13 June 2017, 1530 CEST?
