cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Martin Pauly <pauly AT hrz.uni-marburg.de>
- To: cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS
- Date: Wed, 19 May 2021 19:19:16 +0200
Hi Stefan,
On 18.05.21 23:56, Stefan Paetow wrote:
Yes and no. EAP-TLS requires you to visit your organisation's site
again to get the profile that includes a private key and the cert for
it. I had this with SecureW2, in that I attempted to use one profile
on two devices. That was not allowed. Each device had to visit the
SecureW2 site separately to obtain keys and certs. Maybe it was a
configuration on the server side, but there we are.
This must be an effect of the specific MDM. With Sophos MDM, we once applied
the same client cert to 120 iPads for a WiFi test with that many devices.
The EAP-TLS worked, the WiFi test failed at that time, and the project was
abandoned.
But Aruba and others are in agreement that the only way we'll get
around issues of credential leakage is... EAP-TLS. (
I am curious to see the concepts behind Let's Wifi of geteduroam.
But no matter how good they are, it will at least take 2 years
before we will be able to invest any significant effort there.
In the mean time we will continue to require an anonymous outer ID
from our users (and hope there will be no more things like EAP-Success bug).
Just an academic question: If you had a mobile OS landscape all
capable of EAP-PWD and only allow this in the server, would you
be able to achieve the same level of security as with EAP-TLS?
Cheers, Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly AT HRZ.Uni-Marburg.DE
D-35032 Marburg
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Thorsten Fritsch, 05/10/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Roberto Flor, 05/10/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Martin Pauly, 05/10/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Stefan Paetow, 05/11/2021
- RE: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Patrick Oberli, 05/12/2021
- RE: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Thorsten Fritsch, 05/17/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Stefan Paetow, 05/18/2021
- RE: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Thorsten Fritsch, 05/17/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Martin Pauly, 05/17/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Stefan Paetow, 05/18/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Martin Pauly, 05/19/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Stefan Paetow, 05/20/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Stefan Winter, 05/21/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Martin Pauly, 05/21/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Martin Pauly, 05/19/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Stefan Paetow, 05/18/2021
- RE: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Patrick Oberli, 05/12/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Stefan Paetow, 05/11/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Martin Pauly, 05/10/2021
- Re: [[cat-users]] Specific CatInstaller for Android11 with EAP-TTLS, Roberto Flor, 05/10/2021
Archive powered by MHonArc 2.6.19.