cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Mikael Bak <bak.mikael AT oszk.hu>
- To: cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] eduroam CAT with Let's Encrypt
- Date: Wed, 24 Apr 2019 09:19:20 +0200
- Autocrypt: addr=bak.mikael AT oszk.hu; keydata= xsFNBFvIL5IBEADlPKBdbUGxkS6CA5FQTlNn3Q1ApjMItWOW/gTwEurqRuEAAm4KlJDNwf4i uvrmXud4caPkSswnRwDfhXBxic+2xUjX3muELC2h/ljDkAIFpGT+xK3vCFGkXt7x8f5/SBHh MyB/gKlMeDFyNiLauRVWOspZqNMuZgCZly+SxfH8TlwQ1ScaVkLjvU9aEvgCcdXUUo1nPiIc aP4/OcrMgOudiQP4eAbZ+SuoSEXVwloip9A7HnfrjBvxrWuTeVVuWNorUw3Psdj+yys+cok/ neluqZBVg6P2OWNd703CrMy9hj3s7peAA0Mhfa8TR+GxL50zy3EGu6iF2WZpuanDUDku4Pbd vXMRafPkpADBo8T3bwEAV03gGGSwSw5RWDb+zMApdJ8rmw/RQE2VBrJzhzyhMizVswsunWhP GiexlQPV/Pt4PgyUn76F7jAOUZy7XgVvXyd/Mb5s+ZLX5jCpBtK4bPtOiZTfHVnKh6BFaZJX mW9BYn4R48BCy7GfAErsZjudady98GiRdqAz32/i08Z8otxjyGbyJ+dsvVdeojVH5Z6/OeLX bZsS7PfNsmFEGYYmEaG74IV1ZgXiyLEqNcgp4KX8hMnA/NMSm4pSlUtig86SI/r1hns5I3Tl 1TcMtIVCnhBoty607xBq2PC8E+z9H73H9ywU0EWW6FnSNxZSSwARAQABzR9NaWthZWwgQmFr IDxiYWsubWlrYWVsQG9zemsuaHU+wsGUBBMBCgA+FiEECB5yN1JehrCpky5E4vRHTsaBWbMF AlvIL5ICGyMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ4vRHTsaBWbOxdg/5 ASzHMclL6iinYrlwvAznw92oAru51Z/cbjg/Bj05VjRWKIvfpwJp4BO5a5O3c0K5K3oXqYkJ OnI9Y/GWgTLj+VvWA+eBQS030TB0PD0oJimU3vSZpJvI3EmGXlVfE0fsxIGvDboZYF0GTLAI r91hLPfK+aeh1u2fRHPYlOZrBZ9lxbIv17s1PB3uZcgg2hWuRvRR+++E2i18nnSW6CU6MvQq V37aY1pLNOlkxnPdJUdHEzW1HH60s2lCjWjpfICZq5JHHauFqAX3lEz3ODU6IMuRdbBg/svY qGguIc1juoeBL4ssnjc+XP9gXGbMFP9nlBZb3l0HsifCaPetZTOPCLtQb5f2271S53HkyfcQ kWMHzKQ+UgP5gE5zRVGjesbJ5lg/QElzgsKjUov7Ld8ZeEdqFK1dAzbgp9xIsY5rZPO4fHRc M6f7sqOq8fhpwKLFlKrV/o5weIVYF01xymkJIKGsiuG7a3VazID4zkPwsyk64xDkObdEIzKD BoeuUjnA9iLmNrJLeLCBRq/EQU9lxE0ljpRMUM6KZ6BFP+ET9ZIijwbOEqXTPZICod5nR8y/ tleyUB6PvOMAfiDEakRTMeWuAhv8cR+QFRObV1W8YxNWMbps0ibPeGrBdPH+ScV0mHZlFQRx 0uvxlxdFZNbDfn7YJ0T2vMh2dc0u+l9eJuzOwU0EW8gvkgEQAN4DABB6aFtYBseIpjEkRCuW Xz7fJpUuVzES4e7+KkX5b9wlXqqM1JugN8ZgcTU4pfiycIAkMPfLIByqhSsSRY3hPbjMJfsX 04MAUuSzFQQLQQQCqjw5m7a4ZssvzYIVRsWY/BY9Q3wk9KQJMc+g3iO6AJyBgmP2DQFXH8zc bTo8KlCHUrlYxmQNHnDRDvaBGRNklrdchTgcyKM+dFycy6BkdSJqRK52yhMs3He6IFOPaVFu +u/h4ZPrXYhBI3gYIph474UNidgqt+4KnPh3EZ8u+D6Ul0DZkexx3/eDc1UTJbrQ023iGkUG Dc8bb8fwKflHimNaaxBw1muM7Z5ZEQF9L4qgoyTQwgTmaKlcjXr6pZBkxosKjrwqbOjhJB+6 vr4SQA5fn4IIlwjGEzJ8Kixpq0n0Mo9zILIbO9EVEe4wx/hU/bIqlGvKpDF8rs9o3u61a2qH TW3lGb94zXwhck+aiTEjz7GaMHO7TEYSi9dK8h3GWXRw4x1/lIyXlYw66fOGTUVxsEU5HAko cVG5vRDRDhBNRYBPzSOGC/rzVXUo160l2AIlLW+1T3mPMVR3P7ztEN7llJVoP/87OlXJG6Xt 1vs4+YmA5L84XKL6sQ4Yiy/s5cP33E0iGc+YfXYpysNyT9QVHSVS/HRLX5T683oPnyWJ/fWH PiF/8TnzxvcrABEBAAHCwXwEGAEKACYWIQQIHnI3Ul6GsKmTLkTi9EdOxoFZswUCW8gvkgIb DAUJCWYBgAAKCRDi9EdOxoFZsyVTEADZrQ3RMB1G//fxrWq1wFc7zag1vsEujSDG3Xy5pcUX SUqZzqRhcXi48SZo13fzoP2hiUaMhbwwlNcjL6C6OJ8GQsw9PvfowAu6E0sZo270buhRJsi5 O077HCPcilieA/+c1Fg8kvBkjt16957HjSn+TcPNMeN7ZygZ9kqybwm/pycyDIKknuJ1jlGq UCwzoKSYxdkHOHSW8q3ugzRe3XyzoQWhLkbIPgB35X7hMXXdX/3kPWvaW5EHQBbsKfjELJat NZwspbRNwx/wdLi6GwTCopZC4Q0qq5/K/IhImgUxPi0GmPtIRJ4yGbQImNMBToFMKrZ/mXMZ Z4ID+fXfamQ2dd5xEdwDZO7SxSB07jsy4KVnUFjDUf8mN820/d7SqcibIMZudZ5EBH4rjo4b zFwobtAuLjjget6xVC20I0DIo9KPLL8XzKpy3cOAExSOHSV3oAWYNDYgIHLAIIQxlWnbx+mU 5OOCNsmvsXVcAvbMwqc4fgtqqG1bbYCQg4hYcO3J2Km9OUoZnHOiphfcSOBoRMjrmbeNKbRv QphsW77a1/MeVAS71O0hba7rofnDu+kbrXAE2IjIdlFBQGcU2uFI89hdMmfGHWjoTFlgcsdz aBGbMxsJy2CVtuubtB9HuILQ32inGH4J58UiADUMiHN6leqNRFO1gAwdJytqSDJUJA==
- Openpgp: preference=signencrypt
Matthew, Tony,
Thank you both for your valuable input!
On 2019. 04. 23. 11:47, Matthew Slowe wrote:
>
>
> Current thinking is that a local, long-lived Root CA (which could be
> dedicated to RADIUS authentication) be used and published via CAT then
> service certificates be issued using that.
>
> There’s a pretty good breakdown of the pros and cons (not specifically
> for LE) here:
>
> https://wiki.geant.org/display/H2eduroam/EAP+Server+Certificate+considerations
>
>
I'm going to suggest to my collegues that we deploy a dedicated,
long-lived Root CA for eduroam in our organization.
I imagine we're going to give a validity time of 10 years to our Root
CA. But on the other hand, what stops us from give it, let's say 20 or
50 years? Any obvious drawbacks?
TIA,
Mikael Bak
- [[cat-users]] eduroam CAT with Let's Encrypt, Mikael Bak, 04/23/2019
- Re: [[cat-users]] eduroam CAT with Let's Encrypt, Matthew Slowe, 04/23/2019
- Re: [[cat-users]] eduroam CAT with Let's Encrypt, Tony Skalski, 04/23/2019
- Re: [[cat-users]] eduroam CAT with Let's Encrypt, Mikael Bak, 04/24/2019
- Re: [[cat-users]] eduroam CAT with Let's Encrypt, Matthew Slowe, 04/24/2019
- Re: [[cat-users]] eduroam CAT with Let's Encrypt, Alan Buxey, 04/24/2019
- Re: [[cat-users]] eduroam CAT with Let's Encrypt, Mikael Bak, 04/25/2019
- Re: [[cat-users]] eduroam CAT with Let's Encrypt, Stefan Winter, 04/25/2019
- Re: [[cat-users]] eduroam CAT with Let's Encrypt, Matthew Slowe, 04/23/2019
Archive powered by MHonArc 2.6.19.