The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Robert Grätz <graetzrx AT hu-berlin.de>]

Hello Stefan,

could you me say, which other universities use also EAP-TTLS?

Best regards
Robert

On 19.07.2019 13:53, Stefan Winter wrote:
> Hello!
>
> TL;DR: unless you, the community, take action, we'll phase out GEANTlink
> in the coming months.
>
> Long version:
>
> Those who are reading the mailing list attentively may have noticed that
> we received an elevated level of bug reports regarding GEANTlink, be it
> about failure to install credentials, random and frequent credential
> pop-ups, and similar.
>
> At this point we don't know for sure if the code behind GEANTlink is
> really working less well with recent Windows versions (Win 10 1903 ...)
> or if the higher report rate is due to more people using it right now in
> Germany due to the big CA rollover which requires re-installs for a very
> large userbase.
>
> We were planning to have these issues investigated by the third party
> that wrote the supplicant for us. Unfortunately, the nature of the
> original contract we had now makes it difficult for GEANT to issue a
> continued support contract to them to keep the software up-to-date.
>
> At this point we sat back and evaluated the merits of GEANTlink at this
> point in time.
>
> As a recap, there was a time when GEANTlink was a highly valuable asset
> because there was
> * Windows 7 which does not include EAP-TTLS as an EAP method
> * Windows 10 which in some of its feature update versions had a /broken/
> EAP-TTLS support that needed mitigation
>
> Those days are soon gone though: Windows 7 goes the way of all earthly
> things in January 2020 - end of extended support. According to the CAT
> software support policy, we'll stop caring actively about that product
> at that time. And Windows 10 got a fixed EAP-TTLS support a number of
> feature updates ago; and thanks to Microsoft's forced auto-upgrade
> policy, the broken versions are nowhere to be found in the wild any more
> (or if they are, they are out of support).
>
> So, in a few months' time, GEANTlink will merely be a "nice to have"
> asset in that it is in some respects superior to the Windows built-in
> supplicants. I know and appreciate that admins out there like it for its
> better logging and good debugging possibilities to diagnose connection
> issues.
>
> So, with GEANT not being able to provide direct financial support for
> software maintenance, the amount of options we have is limited
>
> * an (European, GEANT-project member) NRO with in-house skills in
> Windows programming could get a manpower allocation from the GEANT
> project to work on the software
> * anyone else can work on it on their own time, thanks to it being
> open-source software available on GitHub
> (https://github.com/Amebis/GEANTLink)
> * anyone with small amounts of money could make a support contract with
> the third party in self-funding (I'm picturing that we would be talking
> about a low four-digit figure here)
> * in the absence of any of the above, we would phase out GEANTlink from
> future CAT releases: in a short timeframe, remove the option to use
> GEANTlink in Windows 8.1 and 10, in favour of the built-in supplicant;
> in January 2020, remove it from Windows 7 installers, effectively making
> EAP-TTLS unsupported on that platform
>
> Thank you for reading this far. If you don't like the fourth option
> above, please consider the other three ones and let us know (on- or
> off-list) how you would like to contribute.
>
> We will not make any decisions (and code changes) on that topic during
> the summer vacation period, so let's say not before 15 September we
> might implement a hotfix to remove GEANTlink in Win 8.1 and 10 so that
> the new semester would not be served GEANTlink any more.
>
> Greetings,
>
> Stefan Winter