Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] Feature Request: Have CAT apps look for profile updates?

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Feature Request: Have CAT apps look for profile updates?


Chronological Thread 
    < Chronological >      < Thread >
  • From: José Manuel Agudo Cuesta <jagudo AT usal.es>
  • To: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] Feature Request: Have CAT apps look for profile updates?
  • Date: Wed, 8 May 2019 18:18:02 +0200
Hi all,

I think that is a great idea that can improve eduroam user service, simplify cert changes and also improve security (perhaps less likely that user ignores cert checks or manual changes eduroam profile). Please consider it.

Best regards,

Jose

El jue., 25 abr. 2019 a las 0:26, Martin Pauly (<pauly AT hrz.uni-marburg.de>) escribió:
Hi all,

as we all know, changing the root of a given CA is no fun.
One reason for this is that with mobile devices, we hardly have
any device management (MDM) at all (much like PCs in the 1990ies).
Given that the use of CAT on most platforms involves the invocation
of some piece of software: Couldn't we use this to implement some
automatic check for updated profile settings on the server?

So if e.g. the Android app installed some kind of cronjob/task that
does a daily check for new .eapconfig profiles on cat.eduroam.org,
would this work? IMHO, at the very least, the app could nag the user
about the update or even go ahead and start the installation.

My background is, of course, the current change of root cert for
all German universities, affecting roughly 3 million people.
Most of us use a cert fork which is easily prepared in Freeradius,
but has to be triggered by the client using a special outer ID.
Now everyone has to tell their thousands of clients that they
should take action _before_ the root cert expires.
This turns out a hard job because users simply don't care as long
as things work. A little brat inside of the device might help
the situation...

I also see limits with this approach (e.g. Apple), but would it make sense at all?

Cheers, Martin

--
   Dr. Martin Pauly     Phone:  +49-6421-28-23527
   HRZ Univ. Marburg    Fax:    +49-6421-28-26994
   Hans-Meerwein-Str.   E-Mail: pauly AT HRZ.Uni-Marburg.DE
   D-35032 Marburg
To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users


--
Jose Manuel Agudo Cuesta (SI-CPD)    Unidad de Redes - Seguridad
Telf.   +34 663055816 / Ext 1398
Edificio Facultad de Derecho         Pza. Universidad de Bolonia s/n
37007 SALAMANCA  -   ESPAÑA (SPAIN)

  • Re: [[cat-users]] Feature Request: Have CAT apps look for profile updates?, José Manuel Agudo Cuesta, 05/08/2019

Archive powered by MHonArc 2.6.19.

Top of Page