UCTrust Wireless Notes - 2010-09-22
Participants
Robert Cartelli, UCSC
Dedra Chamberlin, UCB
Erik Klavon, UCB
Gabe Lawrence, UCSD
ken lindahl, UCB
Jim Madden, UCSD
Jeff McCullough, UCB
Andrew Tristan, UCR
Mike Van Norman, UCLA
David Walker, UCD
Finalizing Our Report
David Walker will distribute the final report Friday afternoon, so send any comments you may have before noon on Friday, September 22, 2010.
Discussion of Issues
- UCLA, UCD, and UCSD are currently deploying eduroam. Our discussions of operational issues will run in parallel with those efforts, and be educated by them. Other campuses will choose when and if they deploy eduroam, based in part on the progress of resolving those issues.
- Digital certificates
- We do not believe that there is a need for client systems to trust any "eduroam" certificate, only certificates issued by their home campuses. We will verify that, however, as early campuses deploy eduroam.
- There is a potential security risk that clients will trust invalid certificates for spoofed Radius servers. The risk is similar to users trusting unverfied wireless networks in coffee houses and other public places, but it does carry the possibility of revealing passwords and other sensitive information to the spoofing network. Campuses will need to educate their users about this risk. Campuses may also choose to use separate passwords for wireless access and other services, implement "lockdown" of client configurations, etc., depending on the campuses' tolerance for this risk.
- Supplicant software
- Use of client software like XPress Connect from Cloud Path Networks can ease user support issues and may help with the certificate trust issue mentioned above. Robert Cartelli will collect some information for discussion in our next call.
Next Meeting
Our next meeting will be in late October. We will discuss supplicant software and any deployment experience that UCSD, UCD, and UCLA have learned by then.