The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Paetow <Stefan.Paetow AT jisc.ac.uk>]

> On 1 Oct 2019, at 11:27, Per Mejdal Rasmussen <pmr AT its.aau.dk> wrote:
> 
> The bottom line is we don´t care if device credentials are stolen, because 
> they only grans access to eduroam - a network shared by millions, and same 
> MAC address must be used. There are much easier ways to get anonymous 
> network access.

You may not, but many other institutions do. 

> This is where EAP-TTLS has a big problem. If you have a devices without 
> network access, how do run the installer, which you cannot download, 
> because the is no open network where you are.

No, this is why institutions tell you to configure eduroam *before* you 
travel off-campus or use eduroam elsewhere so that this is not a problem. 
Many institutions will provide a 'guest' style network that allows their 
staff and their students to 'bootstrap' their devices with eduroam before 
they connect to the eduroam network. 

You may think that this is where EAP-TTLS might have a problem, but this is 
entirely intentional and there to ensure security.

With Kind Regards

Stefan Paetow
Federated Roaming Technical Specialist

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp AT jabber.dev.ja.net
skype: stefan.paetow.janet

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by 
guarantee which is registered in England under Company No. 5747339, VAT No. 
GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, 
Bristol, BS2 0JA. T 0203 697 5800.