Agreed that there are some privacy concerns, but many are in the process of being addressed. I’d argue that the privacy concerns with Passpoint are no different than with eduroam today. At least Passpoint gives the user more visibility into the actual operator of the network they’re connected to. "Traditional" eduroam (SSID-based) is a mystical, random thing for end users.
Certificate management is not a new problem for Wi-Fi either. Passpoint actually makes it a bit easier though because the profile can be lifecycle managed through an existing app, often with little to no user interaction. You also don’t have to use client certs for Passpoint. Actually, right now, my recommendation is to not use certificate-based auth due to privacy concerns. Device-specific credentials with EAP-TTLS/PAP and an anonymous outer identity is the recommended path. There’s really no path forward without Passpoint (unless you really don’t care about user experience and security). tim From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> Date: Monday, July 20, 2020 at 21:56 To: [email protected] <[email protected]> Subject: Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 20 Jul 2020 to 21 Jul 2020 - Special issue (#2020-88) Passpoint solves some issues (less SSIDs, encryption, instant access) and then it brings other issues like Privacy and authentication pains (certificate expiration, loss of credentials) Philippe Hanset, CEO www.anyroam.net<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.anyroam.net%2F&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C40650f86688848f66a1d08d82d193aca%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637308933688101275&sdata=Gig3c46qwQ2aUHI%2FK6U%2F9nZuqDztk4xe03uzRtN3L8s%3D&reserved=0> Operator of eduroam-US +1 (865) 236-0770 On Jul 20, 2020, at 9:42 PM, Tim Cappalli <[email protected]<mailto:[email protected]>> wrote: There has been an exponential increase in Passpoint rollouts in the past 18 months, on both the network infrastructure side as well as clients. Ping your vendor. The more people talk about it (and ask for it), the faster it will be adopted and rolled out. tim From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]<mailto:[email protected]>> Date: Monday, July 20, 2020 at 21:39 To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: Re: [WIRELESS-LAN] WIRELESS-LAN Digest - 20 Jul 2020 to 21 Jul 2020 - Special issue (#2020-88) Passpoint solves all of these issues. Tim Count me in the fan bucket when widely deployed. But when will that be I wonder? MAC rotation increases in a few months. I recognize institutions have different relations with their guests. For ours the friction/intrusiveness of onboarding processes was considered too high a cost. I know I would not want to run another institutions software on my device to onboard it to their Wi-Fi (and for some it is prohibited). -- William Green, Director of Networking and Telecommunications The University of Texas at Austin | ITS | 512-475-9295 | [email protected]<mailto:[email protected]> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C40650f86688848f66a1d08d82d193aca%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637308933688111264&sdata=6kuH1csU3sxYdJRWeyvYdT9tyfZM1bSsXOLfMpo%2B4BU%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C40650f86688848f66a1d08d82d193aca%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637308933688111264&sdata=6kuH1csU3sxYdJRWeyvYdT9tyfZM1bSsXOLfMpo%2B4BU%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ctim.cappalli%40MICROSOFT.COM%7C40650f86688848f66a1d08d82d193aca%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637308933688121264&sdata=JUkSOY6PLWEUAdmxVjkh3pPNZCNMoekOiXlqeRi23eo%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
