Attendance

Attendees

• Stefan Winter (Restena)
• Mike Zawacki (Internet2)
• Sara Jeanes (Internet2)
• Guy Halse (TENET)
• Halil Adem (GRNET)
• Wenche Backman-Kamila (CSC/Funet)
• Louis Twomey (HEAnet)
• Philippe Hanset (ANYROAM)
• Christian Rohrer (SWITCH)
• Anders Nilsson (SUNET)
• Fabian Mauchle (SWITCH)
• Maja Górecka-Wolniewicz (PSNC)
• Tomasz Wolniewicz (PSNC)
• Ed Wincott (Jisc)
• Stefan Paetow (Jisc)
• Zbigniew Ołtuszyk (PSNC)
• Paul Dekkers (SURF)
• Janfred Rieckers (DFN)

Regrets

• Zenon Mousmoulas (GRNET)

Agenda / Proceedings

1. Welcome / Agenda Bashing

2. Update regarding malformed EAP packets

   • Josh Howlett updates on the symptoms of the issue seen
   • Paul D expresses surprise that he doesn’t see this in Radiator on the ETLRs, given the amounts of requests are lower than the ETLR volumes.
     • Chris P that it is raised with FR project to make aware
   • Paul D and Chris P suggest that this should probably be raised with the vendor(s) involved too via WBA so others are aware
   • EAP-Type is the ‘offending’ attribute, suggestion to have Europe or NROs doing some logging to see how much is being seen
   • Suggestion also to possibly terminate such packets at the national proxies to avoid this being a DDoS vector against eduroam

3. EAP-FIDO update

   • probably best to wrap FIDO auth in either EAP-TLS or TEAP (those two deliver server-auth with “traditional PKIX” and allow to derive session keys from the TLS context)

4. Recurring OpenRoaming chitchat

5. AOB / next VC (11 Apr 2022 1530 CEST)

   • radsecproxy release candidate 1.10.0 - please test [https://github.com/radsecproxy/radsecproxy/releases/tag/1.10.0-rc1]