Subject: An open discussion list for topics related to the geteduroam service
- From: Paul Dekkers <paul.dekkers AT surf.nl>
- To: Wenche Backman-Kamila <wenche.backman-kamila AT csc.fi>, geteduroam AT lists.geant.org
- Subject: Re: Findings
- Date: Fri, 12 Mar 2021 13:13:35 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=surf.nl; dmarc=pass action=none header.from=surf.nl; dkim=pass header.d=surf.nl; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VdOe/E8DqtLQr3wrVAUSCCUcJnw4FaUgLmB9PC5LZAo=; b=IgQhlcQ4pX25OiwN/piD9wn/eqA00Q9PtFmBrgvmTbRQFpKGXpv4h2inq/fj2jzf0pQ3eRsOdaGgXlluxsg1neUiweThvqig7eeOXQ1FnKO46pxrQpH+fyyTrSFZf+mvcNmDzwmqYEWqoCN8maDyKwhE9UIuuIvbJRztEupzvT8Tpsk4cR9oejrPcb0gkgxHkyZAYEMKfhKqklR1zqaSrf9t/P/uKjncuwi5FSKiiZFPSWz52e2PcujqcHrNC7a+NJ/nDVC1TwqND3YA/UrAG9XVcLPcNhztMin4squYfEa7m/E4aRQ3UUeYWRH3nboWJMt82tK6FYUX33Vs+XFz3A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ISEaP48U4jR1DO0EYubdmva2uevvoBapKY8bgCJeG+jMdhqE4DlKB8QYLLm7NJHVOF9KOWDuB6K+jt7SJqCNNAcY7cSF6mn9DAw8TGHPEcliJjSyObuElbWf58YTefk0usVopYbzC4ubvTUyNVZK4VpUbqAHtuWS01Mq81yuvdcl6rqyWgo7B6E8RMOnYo2NVVrA7kMmiR7s3XQQ2OBT03ITEPKonaaPJEeKjGp/NYkLzQ2aVCceaDAQex86B3RkWlGDUUoimuRO8N9SbVl3OdKtTwTie94R1lpwzrMYWWMofpP6zMw67ZgiQ2q1Hj4LbogJzRBo6ZejKy8C09HHBQ==
- Authentication-results: surf.nl; dkim=none (message not signed) header.d=none;surf.nl; dmarc=none action=none header.from=surf.nl;
@list; for people that are unaware of the "hosted version" Wenche
is talking about, this hasn't been advertised here yet (I think)
but a bit more can be found at:
Basically, it allows you to connect an eduGAIN IdP to a hosted
version of a pseudo-account service for geteduroam (comparable to
and complementing the managed IdP, with eduroam credential
creation based on eduGAIN authentication instead of invites).
1294031521.7589101.1615546999290.JavaMail.zimbra AT csc.fi">Hi,
While taking geteduroam into use we'd like to report the following:
- You seem to use old crypto (CBC) for 'https://get.eduroam.org'. Is it possible to support also modern GCM crypto. We had to make an exception for this entity ID to make it work, but it works now.
Of course! We do support GCM, but *also* CBC, I think that's where the problem is? Do you have a pointer to eduGAIN guidelines for this, if there are any? I wasn't aware about a requirement.
And I'm afraid I looked no further than the A+ rating of ssllabs
that we already had ;-) We still are A+, but with less ciphers.
Hope this works out better.
1294031521.7589101.1615546999290.JavaMail.zimbra AT csc.fi">- CSC has been added to the institution list on Windows 10, but I cannot see CSC in the institution list in Android 10 (tested with both Samsung and Motorola). How come?
We actually improved the metadata creation very recently to
reduce stale sessions in cache; I myself see CSC (with 2 profiles)
on Android. Don't you?
- Findings, Wenche Backman-Kamila, 03/12/2021
Archive powered by MHonArc 2.6.19.