Re: PEAP versions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 02, 2017 at 05:13:27PM +0200, Khali Singh wrote:
> Continuing on my previous question, on the list of supported EAP
> methods in wpa_supplicant, the following are mentioned:
> EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
> EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
> EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
> EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
> EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
> 
> But I thought PEAPv0 is from Microsoft and meant for MSCHAPv2 while
> PEAPv1 is from Cisco and was defined for support for GTC.

Maybe so initially, but there is nothing in either design preventing
other inner methods from being used in Phase 2.

> And how does
> PEAPv2 fit into the picture? Does it provide more security by binding
> the inner authentication to the outer server TLS authentication?

It does not really fit the picture since no one seems to be implementing
or deploying it nor does there seem to be effort in completing a
specification for it.

By the way, Microsoft has added crypto binding into PEAPv0.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux