Thanks Bruce. David
On Feb 26, 2018, at 8:31 AM, Curtis, Bruce <bruce.cur...@ndsu.edu<mailto:bruce.cur...@ndsu.edu>> wrote: On Feb 23, 2018, at 10:58 AM, David Morton <dmor...@uw.edu<mailto:dmor...@uw.edu>> wrote: We currently use EAP-PEAP for our eduroam/802.1x, but are now considering adding EAP-TLS to the mix. We have several potential PKIs that we could use, but all of them will take some work to get them ready for a production launch. Given that resources are limited, I’m looking for some data points about others who have moved, are thinking of moving or have decided not to adopt EAP-TLS. To help gather some data can you please answer this short survey? Do you: - Support 802.1x? - Yes. If yes, do you: - use EAP-PEAP on campus? - Yes. - use EAP-TLS on campus? - Yes. - What PKI/CA do you use: - - If both, why and is one preferred? - We were mainly using EAP-TLS with some devices using EAP-TTLS. We will be turning off EAP-TTLS soon. We enabled EAP-PEAP recently because our help desk reported a significant percentage of Android devices had issues with EAP-TLS. Also a smaller percentage of Windows machines had problems with EAP-TLS but it was decided to use EAP-PEAP for Windows devices. We continue to use EAP-TLS for Apple devices, both iOS and Mac OS. EAP-TLS has the advantage that a man in the middle attack can not steal a password, even if a user turns off the “check server certificate” verification. Also with EAP-TLS devices do not have to be reconfigured if a password is changed. So EAP-PEAP is installed on Android and Windows devices by default with CloudPath and EAP-TLS is installed by default on Apple devices with CloudPath. People still have the option of configuring EAP-TLS for Android and Windows devices and EAP-PEAL for Apple devices but that requires that they configure that manually rather than with the installer. - If only PEAP, are you planning EAP-TLS? - Brief description of why you’re doing what you’re doing and anything else that might be helpful: Thank you in advance David David Morton Director, Networks & Telecommunications Services: Wi-Fi, Wired, Telephony, Mobile & HuskyTV University of Washington dmor...@uw.edu<mailto:dmor...@uw.edu> tel 206.221.7814 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. --- Bruce Curtis bruce.cur...@ndsu.edu<mailto:bruce.cur...@ndsu.edu> Certified NetAnalyst II 701-231-8527 North Dakota State University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.