On May 26, 2022, at 6:21 PM, James Prestwood <prestwoj@xxxxxxxxx> wrote:
> For tunneled methods like PEAP/TTLS, on a reauthentication request,
> hostapd uses the phase2 identity stored in the sm but hard codes the
> phase to 0. This happens in eap_sm_Policy_getDecision().

The outer identity should be the same for both the initial authentication, and any resumption. For details, see:

https://datatracker.ietf.org/doc/html/rfc9190#section-2.1.3

  When NAI reuse can be done without privacy implications, it is
  RECOMMENDED to use the same NAI in the resumption as was used in the
  original full handshake [RFC7542]

Changing outer identities for resumption seems wrong.

Alan DeKok.