The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Paetow <Stefan.Paetow AT jisc.ac.uk>]

Hi Martin,

>    This must be an effect of the specific MDM. With Sophos MDM, we once 
> applied
>    the same client cert to 120 iPads for a WiFi test with that many devices.
>    The EAP-TLS worked, the WiFi test failed at that time, and the project 
> was
>    abandoned.

Entirely possible. 

>    I am curious to see the concepts behind Let's Wifi of geteduroam.
>    But no matter how good they are, it will at least take 2 years
>    before we will be able to invest any significant effort there.
>    In the mean time we will continue to require an anonymous outer ID
>    from our users (and hope there will be no more things like EAP-Success 
> bug).

Indeed. Worth having a chat to UNINETT who were/are behind the original idea 
of geteduroam, sooo...

>    Just an academic question: If you had a mobile OS landscape all
>    capable of EAP-PWD and only allow this in the server, would you
>    be able to achieve the same level of security as with EAP-TLS?

I have no idea... I am but a system admin, not someone with extensive 
academic research expertise.

:-)

Stefan Paetow
Federated Roaming Technical Specialist

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp AT jabber.dev.ja.net
skype: stefan.paetow.janet


In line with government advice, at Jisc we’re now working from home and our 
offices are currently closed. Read our statement on coronavirus 
<https://www.jisc.ac.uk/about/corporate/coronavirus-statement>.

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by 
guarantee which is registered in England under Company No. 5747339, VAT No. 
GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, 
Bristol, BS2 0JA. T 0203 697 5800.