eduroam Development VC Minutes 2024-12-03 1530 CET

Attendance

Attendees

• Stefan Winter (Restena)
• Anders Nilsson (SUNET)
• Tomasz Wolniewicz (PSNC)
• Stefan Paetow (Jisc)
• Maja Górecka-Wolniewicz (PSNC)
• Zbigniew Ołtuszyk (PSNC)
• Paul Dekkers (SURF)
• Louis Twomey (HEAnet)
• Frederic Gerber (Switch)
• Fabian Mauchle (Switch)
• Ed Kingscote (CANARIE)
• Edward Wincott (Jisc - joined late)

Regrets

• Zenon Mousmoulas (GRNET)

Agenda / Proceedings

1. Welcome / Agenda Bashing

2. CAT 2.1.3

   • IdP realms as keywords for DiscoJuice
   • profile ordering
   • profile duplication
   • help hints in IdP/profile editing
   • monthly download statistics
   • improved RadSec certificate management
   • multiple extensions to linux installer (in particular new openssl module support)
   • several bug fixes

3. Fedora’s temporary dislike of (PEAP|TTLS)-MSCHAPv2

   • MSCHAPv2 makes use of MD4 in some inner workings
   • this algorithm has fallen from grace a long time ago
   • Fedora 41 wiped MD4 and thus MSCHAPv2 support from their distribution (presumably by accident)
   • fixed after bug report and OS updates
   • Microsoft themselves are fading out NTHash authentication options, but with a less aggressive timeline (next versions of Windows and Server will still have it, after that unknown)
   • MSCHAPv2 based auth might finally disappear at a mid-term point in the future
   • https://techcommunity.microsoft.com/blog/windows-itpro-blog/the-evolution-of-windows-authentication/3926848
   • if OS-wide MD4 goes away, one could think of custom code just for RADIUS to keep MSCHAPv2 going, without exposing the old algo system-wide

4. radsecproxy for Windows

   • working, but still in progress
   • TLS-PSK functionality should be available
   • dynamic discovery is NOT available (effort ongoing to make it available)
   • work on making it run as a service ongoing

5. IETF updates

   • EAP “Fido”: updates are trickling in
   • new PoC code

6. OpenRoaming updates

   • submitted a request for TNC25 named “OpenRoaming 101”

7. planned Workshop from Radiator and FreeRADIUS

   • week of March 11 planned (not confirmed, Alan to keep us posted)
   • radsecproxy on Windows can/will get an honourable mention

8. Next VC

   • 17 Dec 2024, 1530 CET