> On Feb 23, 2018, at 10:58 AM, David Morton <dmor...@uw.edu> wrote: > > We currently use EAP-PEAP for our eduroam/802.1x, but are now considering > adding EAP-TLS to the mix. We have several potential PKIs that we could use, > but all of them will take some work to get them ready for a production > launch. Given that resources are limited, I’m looking for some data points > about others who have moved, are thinking of moving or have decided not to > adopt EAP-TLS. > > To help gather some data can you please answer this short survey? > > Do you: > > - Support 802.1x? -
Yes. > > If yes, do you: > > - use EAP-PEAP on campus? - Yes. > > - use EAP-TLS on campus? - Yes. > - What PKI/CA do you use: - > > - If both, why and is one preferred? - We were mainly using EAP-TLS with some devices using EAP-TTLS. We will be turning off EAP-TTLS soon. We enabled EAP-PEAP recently because our help desk reported a significant percentage of Android devices had issues with EAP-TLS. Also a smaller percentage of Windows machines had problems with EAP-TLS but it was decided to use EAP-PEAP for Windows devices. We continue to use EAP-TLS for Apple devices, both iOS and Mac OS. EAP-TLS has the advantage that a man in the middle attack can not steal a password, even if a user turns off the “check server certificate” verification. Also with EAP-TLS devices do not have to be reconfigured if a password is changed. So EAP-PEAP is installed on Android and Windows devices by default with CloudPath and EAP-TLS is installed by default on Apple devices with CloudPath. People still have the option of configuring EAP-TLS for Android and Windows devices and EAP-PEAL for Apple devices but that requires that they configure that manually rather than with the installer. > - If only PEAP, are you planning EAP-TLS? - > > Brief description of why you’re doing what you’re doing and anything else > that might be helpful: > > > > Thank you in advance > > > David > > > > > David Morton > Director, Networks & Telecommunications > Services: Wi-Fi, Wired, Telephony, Mobile & HuskyTV > University of Washington > dmor...@uw.edu > tel 206.221.7814 > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II 701-231-8527 North Dakota State University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
