On Sep 22, 2016, at 12:06 PM, alan furlong <alan250985@xxxxxxxxx> wrote: > Is it possible to configure wpa_supplicant to send EAP Identity > encrypted for privacy reasons? > > This makes an assumption that the RADIUS on the other end is able to > decrypt it. Both EAP Peer and Authentication server could either use > same shared secret, or client can encrypt using public key of the > authentication server and server decrypting it using the private key. My $0.02 (as a RADIUS guy) is that this is a terrible idea. Don't do it. Instead, use anonymous outer identities (@example.com), and use the real identity in the inner tunnel. For further explanation, see my RFC: https://tools.ietf.org/html/rfc7542 Alan DeKok. _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
