Thanks Jouni. So what is the difference between PEAPv0 and PEAPv1? Is it simply how EAP messages are encapsulated in the TLS tunnel? Or they have some different (security) properties? BR Khali On Thu, Mar 2, 2017 at 9:00 PM, Jouni Malinen <j@xxxxx> wrote: > On Thu, Mar 02, 2017 at 05:13:27PM +0200, Khali Singh wrote: >> Continuing on my previous question, on the list of supported EAP >> methods in wpa_supplicant, the following are mentioned: >> EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1) >> EAP-PEAP/TLS (both PEAPv0 and PEAPv1) >> EAP-PEAP/GTC (both PEAPv0 and PEAPv1) >> EAP-PEAP/OTP (both PEAPv0 and PEAPv1) >> EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1) >> >> But I thought PEAPv0 is from Microsoft and meant for MSCHAPv2 while >> PEAPv1 is from Cisco and was defined for support for GTC. > > Maybe so initially, but there is nothing in either design preventing > other inner methods from being used in Phase 2. > >> And how does >> PEAPv2 fit into the picture? Does it provide more security by binding >> the inner authentication to the outer server TLS authentication? > > It does not really fit the picture since no one seems to be implementing > or deploying it nor does there seem to be effort in completing a > specification for it. > > By the way, Microsoft has added crypto binding into PEAPv0. > > -- > Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
