On Thu, Sep 22, 2016 at 01:35:55PM -0700, alan furlong wrote: > Which EAP method(s) are you thinking of using? > EAP-SIM and EAP-AKA Both of which support method specific identity privacy mechanisms.. Is there a reason why pseudonym username and/or fast re-authentication username would not be sufficient protection? Please also note that both EAP-SIM and EAP-AKA send out the username in plaintext during their exchange, so it does not really matter at all how much one would try to protect the value sent in EAP-Response/Identity. You can already send "anonymous@<operator realm>" there and leave the username determination to EAP-SIM/AKA. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
