On Fri, Jan 01, 2016 at 11:26:34AM -0800, Adam Jacobs wrote:
> BTW, I've been trying to understand cryptobinding. I get that it is supposed to prevent MITM attacks, but doesn't TLS already take care of that? What's the added benefit of cryptobinding/what do I lose by turning it off?

Well, sort of from the client viewpoint. Though, there is a discouragingly common practice of not configuring TLS certificate validation properly on the client, and the server side cannot do much about that. With MS-PEAP cryptobinding, this additional binding step can at least be enforced to reduce the likelihood of the TLS phase and the inner authentication step being performed between different entities.

If someone were to implement outer TLVs, those would also get protected by the cryptobinding (but this seems to be more of a theoretical point for now, since no such outer TLV is apparently even defined today).

-- 
Jouni Malinen
PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
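As an added illustration of the point above (this is not code from hostap or from the MS-PEAP specification; the key derivation is a simplified stand-in for the spec's TK/IPMK/CMK steps and the nonce is a constructed constant), a small Python model of why mixing the TLS-phase key with the inner-method key lets the server detect that the two phases were completed with different peers, and why skipping the check loses exactly that:

```python
import hmac
import hashlib

def derive_cmk(tls_key: bytes, inner_key: bytes) -> bytes:
    """Compound MAC key: mixes the TLS-phase key with the inner-method key.

    Simplified stand-in (assumption) for MS-PEAP's TK/IPMK/CMK derivation.
    The essential property is that both keys are inputs, so a party that
    knows only the inner-method result cannot produce a valid MAC.
    """
    return hmac.new(tls_key, b"PEAP cryptobinding" + inner_key, hashlib.sha256).digest()

def compound_mac(cmk: bytes, nonce: bytes, sender: str) -> bytes:
    """MAC over the cryptobinding TLV fields (here: nonce plus sender role)."""
    return hmac.new(cmk, nonce + sender.encode(), hashlib.sha256).digest()

def server_accepts(server_tls_key: bytes, inner_key: bytes, nonce: bytes,
                   client_mac: bytes, enforce: bool = True) -> bool:
    """Server-side check of the client's cryptobinding response TLV."""
    if not enforce:
        return True  # cryptobinding disabled: TLS and inner auth are unlinked
    cmk = derive_cmk(server_tls_key, inner_key)
    return hmac.compare_digest(compound_mac(cmk, nonce, "client"), client_mac)

def run(client_tls_key: bytes, server_tls_key: bytes, inner_key: bytes,
        enforce: bool = True) -> bool:
    """Model one PEAP exchange and return whether the server accepts it.

    client_tls_key != server_tls_key models the client having completed the
    TLS phase with a different entity than the one running inner auth, while
    the inner-method key is the same on both sides because it was relayed.
    """
    nonce = b"\x01" * 32  # constructed; real nonces are random per session
    cmk = derive_cmk(client_tls_key, inner_key)
    mac = compound_mac(cmk, nonce, "client")
    return server_accepts(server_tls_key, inner_key, nonce, mac, enforce)

if __name__ == "__main__":
    tls_a, tls_b, isk = b"A" * 48, b"B" * 48, b"C" * 32
    print("same TLS peer, enforced:      ", run(tls_a, tls_a, isk))        # True
    print("different TLS peer, enforced: ", run(tls_a, tls_b, isk))        # False
    print("different TLS peer, disabled: ", run(tls_a, tls_b, isk, False)) # True
```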