The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,


> Sure server name is essential. And the GUI does let you configure the
> server name, both the NetworkManager and the Android GUI call it
> "Domain".
> Which gives me the second part of the double naming glitch I forgot to
> mention in my previous post. Since both misleading names are the same
> in Android and NetworkManager dialogs, I assume a common source.
> I can investigate this when I have some time.
> (BTW: Modern Android except Samsung even requires the "Domain" to be
> filled in,
> accept any of the CAs known to the system, but not allow the dangerous
> "do not validate" any more). 


The source is wpa_supplicant's choice of name: the parameter in its
config file is "domain_suffix_match". Both Android and NetworkManager
use wpa_supplicant in their backend.


The "do not validate" going away is intentional, and a feature of
WPA3-R2 certification in Wi-Fi Alliance. In the future, all supplicants
need to remove that option if they want the shiny "Wi-Fi Certified WPA3"
logo. Android AOSP 11 was merely one of the first to pick it up. The
work in Wi-Fi Alliance to this end was sponsored by GEANT and done by
yours truly.


Greetings,


Stefan Winter

Attachment: OpenPGP_signature
Description: OpenPGP digital signature