On Thu, Sep 22, 2016 at 2:01 PM, Jouni Malinen <j@xxxxx> wrote:
> On Thu, Sep 22, 2016 at 01:35:55PM -0700, alan furlong wrote:
>> Which EAP method(s) are you thinking of using?
>> EAP-SIM and EAP-AKA
>
> Both of which support method specific identity privacy mechanisms. Is
> there a reason why pseudonym username and/or fast re-authentication
> username would not be sufficient protection?

An attacker could request the permanent ID with AT_PERMANENT_ID_REQ. Maybe we could configure wpa_supplicant to be conservative to defend in such a scenario, but that also means that if the auth server loses the pseudonym, then the peer will fail to connect to the legitimate server too.

> Please also note that both
> EAP-SIM and EAP-AKA send out the username in plaintext during their
> exchange, so it does not really matter at all how much one would try to
> protect the value sent in EAP-Response/Identity. You can already send
> "anonymous@<operator realm>" there and leave the username determination
> to EAP-SIM/AKA.

So maybe encryption needs to happen in the AT_IDENTITY attribute present in the EAP-Response/SIM/Start message (EAP-SIM) and in the EAP-Response/AKA-Identity message (EAP-AKA).

Also, because of the size limitation of the RADIUS attribute "User-Name", it may not be possible to do RSA encryption of the EAP Identity in the EAP-Response/Identity packet.

Thanks,
-Alan

>
> --
> Jouni Malinen PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
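As an added illustration of the trade-off discussed in this thread (not code from the thread or from hostap/wpa_supplicant): a small parser for the identity-request attributes in an EAP-Request/SIM/Start or EAP-Request/AKA-Identity packet, plus a "conservative peer" policy that keeps the permanent identity private while a pseudonym is available. Attribute and subtype codes follow RFC 4186/4187; the helper names, the constructed packets and the sample identities are assumptions made here.

```python
# Added example (not from this thread or from hostap/wpa_supplicant): parse
# the identity-request attributes of an EAP-SIM/AKA request and apply the
# "conservative peer" policy discussed above. Attribute codes follow
# RFC 4186/4187; helper names and sample identities are constructed.
EAP_SIM, EAP_AKA = 18, 23                      # EAP method type numbers
SIM_START, AKA_IDENTITY = 10, 5                # subtypes that carry ID requests
AT_PERMANENT_ID_REQ, AT_ANY_ID_REQ = 10, 13
AT_IDENTITY, AT_FULLAUTH_ID_REQ = 14, 17

def parse_attributes(payload: bytes) -> dict:
    """EAP-SIM/AKA TLV: type (1 byte), length in 4-byte units (1 byte), value."""
    attrs, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated attribute header")
        atype, alen = payload[i], payload[i + 1] * 4
        if alen < 4 or i + alen > len(payload):
            raise ValueError("bad attribute length")
        attrs[atype] = payload[i + 2:i + alen]
        i += alen
    return attrs

def parse_request(pkt: bytes):
    """Return (eap_type, subtype, attrs) from an EAP-Request/SIM or /AKA packet."""
    if len(pkt) < 8 or pkt[0] != 1 or int.from_bytes(pkt[2:4], "big") != len(pkt):
        raise ValueError("not a well-formed EAP Request")   # code 1 = Request
    eap_type, subtype = pkt[4], pkt[5]                      # pkt[6:8] reserved
    if eap_type not in (EAP_SIM, EAP_AKA):
        raise ValueError("not an EAP-SIM/AKA packet")
    return eap_type, subtype, parse_attributes(pkt[8:])

def build_request(eap_type: int, subtype: int, attr_types, ident: int = 1) -> bytes:
    """Constructed minimal request carrying only flag (4-byte) attributes."""
    body = b"".join(bytes([t, 1, 0, 0]) for t in attr_types)
    length = 8 + len(body)
    return bytes([1, ident]) + length.to_bytes(2, "big") + bytes([eap_type, subtype, 0, 0]) + body

def choose_identity(attrs: dict, permanent: str, pseudonym, conservative: bool):
    """Peer policy: identity to place in AT_IDENTITY, or None to refuse."""
    if AT_PERMANENT_ID_REQ in attrs:
        # A conservative peer keeps the permanent ID private while it still
        # holds a pseudonym; the cost is that a legitimate server which lost
        # the pseudonym state is refused as well (the failure mode noted above).
        return None if (conservative and pseudonym) else permanent
    if AT_FULLAUTH_ID_REQ in attrs or AT_ANY_ID_REQ in attrs:
        return pseudonym or permanent
    return None                                   # no identity requested
```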