cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
- From: Martin Pauly <pauly AT hrz.uni-marburg.de>
- To: cat-users AT lists.geant.org
- Subject: [[cat-users]] Android App: Recognizing .eap-config files by file extension?
- Date: Mon, 31 Jul 2017 18:20:26 +0200
Hello,
this one goes to Stefan Winter :-)
Please forgive me if I missed some update; I'm a bit scarce on Android
testing devices currently.
My request:
https://tools.ietf.org/html/draft-winter-opsawg-eap-metadata-00#section-4.2
proposes a most sensible feature, IMO:
-------------------------------- From RFC draft -------------------------
In situations where file types can not be determined by MIME type
meta-information (e.g. when the file gets stored on a local
filesystem), this document RECOMMENDs that EAP Metadata configuration
files be stored with the extension
.eap-config
to identify the file as containing EAP Metadata configuration
information. Edge devices can register the application which can
consume the EAP Metadata with this file extension. By doing so, for
example a single click or tap on the filename in the device's User
Interface will invoke the configuration process.
------------------------------------------------------------------------
That is exactly what is needed for almost any initial eduroam CAT usage
on any Android device. Currently, the Android App only recognizes config
files downloaded from a web server that provides the appropriate MIME type.
But what do you do with a device for which eduroam is supposed to be its
first network connection, e.g. a newly bought tablet computer lacking a SIM
card?
Basically the solution is now:
1. Connect to eduroam SSID manually (still unable to check the cert!)
2. Install the app
3. Access said web server to get the config file along with the MIME type
This will, of course, fire up the app and get everything right, finally.
Providing e.g. the apk+config on a USB Stick is pointless, since the file is
not recognized. Also, I could not find a menu item inside the app to manually
import a config file.
Guess what our users have been doing for ages? Execute Step 1 and call it a
day.
Requiring a network connection to get the network connection right seems
illogical to me. I have narrowed the view to Android here because Android is so
easily tricked into the Evil Twin attack. It is also by far the most popular
mobile OS with our users, so there are thousands of devices out there
whose credentials are extremely easy to come by for any attacker.
Could we please associate the GEANT app with the .eap-config file extension?
Thanks, Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly AT HRZ.Uni-Marburg.DE
D-35032 Marburg
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
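
An Android manifest fragment showing how an app can register for the .eap-config extension when no MIME type is available, as the quoted draft section recommends. This is an added example, not part of the original message and not the GEANT app's own manifest; the activity name is hypothetical.

```xml
<!-- Added example. ".ImportProfileActivity" is a hypothetical name.
     The activity is exported, so any file it receives is untrusted
     input: validate it and show the server name and CA to the user
     before installing the profile. -->
<activity android:name=".ImportProfileActivity" android:exported="true">

    <!-- Opener sends no MIME type (typical for file:// URIs from a
         file manager browsing a USB stick or SD card). -->
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <data android:scheme="file" />
        <data android:host="*" />
        <!-- In pathPattern, ".*" matches only up to the first "." in
             the path, so extra patterns cover paths with more dots. -->
        <data android:pathPattern=".*\\.eap-config" />
        <data android:pathPattern=".*\\..*\\.eap-config" />
        <data android:pathPattern=".*\\..*\\..*\\.eap-config" />
    </intent-filter>

    <!-- Opener sends a generic or guessed MIME type. A filter that
         names a type only matches intents that carry one, hence the
         separate filter. -->
    <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <data android:scheme="file" />
        <data android:scheme="content" />
        <data android:host="*" />
        <data android:mimeType="*/*" />
        <data android:pathPattern=".*\\.eap-config" />
        <data android:pathPattern=".*\\..*\\.eap-config" />
        <data android:pathPattern=".*\\..*\\..*\\.eap-config" />
    </intent-filter>
</activity>
```

A content:// URI does not always expose the original filename in its path, in which case the extension patterns cannot match; an in-app "import file" option covers that case.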