RE: WPA problem and eduroam

["Josh Howlett" <Josh.Howlett@xxxxxx>]

> > IMO, we shouldn't let the service be driven by paranoia of admins.
> 
> sure - but if the service had been dictated by the end users 
> then we'd have no WPA at all for eduroam and it'd have been a 
> web captive portal system...the WPA is because of the 
> paranoia of the admins.

One of the reasons that we adopted a tiered approach to JANET Roaming
was to allow admins to pick a way implementing eduroam that was
comfortable for them, but still satisfied those parts of the eduroam
security model that are essential (ie. confidentiality is nice, but not
essential).

Let's analyse the problem, and publish the results. If it's not a
problem, this should be used to re-assure paranoid admins. If it is a
problem, it should be used to inform the solution. I think it's a
mistake to jump to solutions without first understanding the problem.

josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG