
cat-users - [cat-users] A different topic - invitations and leakage of tokens

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: "cat-users AT geant.net" <cat-users AT geant.net>
  • Subject: [cat-users] A different topic - invitations and leakage of tokens
  • Date: Thu, 5 Nov 2015 16:03:22 +0100
  • List-archive: <https://mail.geant.net/mailman/private/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

many of you have seen (and hopefully not clicked on!) valid tokens which
were sent by admins to the mailing list when they sought help.

Those reached the mailing list because this list was the Reply-To in
invitations.

We are going to remove the Reply-To in 1.1.2 and 1.2 to make the actual
mail text true ("this is a send-only address") - the presence of the
Reply-To was pretty much a bug.

For 1.2, I would also like to make another change for which I welcome
opinions: when the invitation is sent by a *federation admin* (i.e. a
brand new IdP is being created), I would like to add a Reply-To - the
federation admins.

They are the ones who invited, and are best suited to diagnose problems
or provide hand-holding. They are also the ones who don't care about
invitation tokens because they can produce as many of those as they like :-)

The (IMHO minor) privacy implication is that the mails will then contain
the mail address and the real name of the fed admin in the Reply-To
header; and the admin-to-be is going to see them.

We did not use fedadmin mail addresses in this way before, so maybe some
have reservations against this. Please let us know by replying to this mail.

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
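
The Reply-To policy discussed in the message above, as an added example that is not part of the original post and is not CAT's own code (Python, standard library only). All addresses, names, the subject line and the invitation URL are constructed placeholders; the function names are hypothetical.

```python
from email.message import EmailMessage
from email.utils import formataddr, getaddresses

# Constructed placeholder addresses, not the real list or CAT sender.
LIST_ADDR = "cat-users@lists.example.org"
SENDER = "cat-invite@cat.example.org"  # send-only address


def build_invitation(recipient, token_url, fed_admins=None, legacy=False):
    """Build an invitation mail carrying a token URL.

    legacy=True reproduces the behaviour the message calls a bug
    (Reply-To points at the mailing list).
    fed_admins is a list of (real name, address) pairs and is only passed
    when a federation admin issued the invitation.
    """
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = recipient
    msg["Subject"] = "Invitation to manage your IdP"
    if legacy:
        msg["Reply-To"] = LIST_ADDR
    elif fed_admins:
        # Privacy note from the message: name and address become visible.
        msg["Reply-To"] = ", ".join(formataddr(a) for a in fed_admins)
    msg.set_content(
        "This is a send-only address.\n\nYour invitation link:\n" + token_url + "\n"
    )
    return msg


def reply_recipients(msg):
    """Addresses a mail client's Reply uses: Reply-To if present, else From."""
    headers = msg.get_all("Reply-To") or msg.get_all("From")
    return [addr for _name, addr in getaddresses([str(h) for h in headers])]


def reply_leaks_token_to_list(msg):
    """True if a quoted reply would deliver the token to the public list."""
    return LIST_ADDR in reply_recipients(msg)


if __name__ == "__main__":
    url = "https://cat.example.org/invite?token=CONSTRUCTED-TOKEN"
    for label, kwargs in [("legacy", {"legacy": True}), ("fixed", {}),
                          ("fed admin", {"fed_admins": [("Fed Admin", "fa@fed.example.org")]})]:
        m = build_invitation("newadmin@idp.example.org", url, **kwargs)
        print(label, reply_recipients(m), "leaks:", reply_leaks_token_to_list(m))
```
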



