Hi Alan,

On Fri, 2022-05-27 at 09:54 -0400, Alan DeKok wrote:
> On May 26, 2022, at 6:21 PM, James Prestwood <prestwoj@xxxxxxxxx> wrote:
> > For tunneled methods like PEAP/TTLS, on a reauthentication request,
> > hostapd uses the phase2 identity stored in the sm but hard codes the
> > phase to 0. This happens in eap_sm_Policy_getDecision().
>
> The outer identity should be the same for both the initial
> authentication, and any resumption. For details, see:
>
> https://datatracker.ietf.org/doc/html/rfc9190#section-2.1.3
>
> When NAI reuse can be done without privacy implications, it is
> RECOMMENDED to use the same NAI in the resumption as was used in the
> original full handshake [RFC7542]
>
> Changing outer identities for resumption seems wrong.

I'm not sure I follow. EAP-TLS doesn't suffer this issue since it doesn't
have two phases. TTLS/PEAP use an anonymous/outer identity and the real
identity for phase2, which is encrypted. Using the same identities for both
phases removes any privacy from the real identity. Several example
configurations for wpa_supplicant even use two separate identities, e.g.

# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
network={
	ssid="example"
	key_mgmt=WPA-EAP
	eap=TTLS
	identity="user@xxxxxxxxxxx"
	anonymous_identity="anonymous@xxxxxxxxxxx"
	password="foobar"
	ca_cert="/etc/cert/ca.pem"
	priority=2
}

The hostapd tests avoid this issue, it seems, by allowing any outer identity
to be accepted:

* TTLS,TLS,PEAP,FAST,TEAP,SIM,AKA',AKA

Maybe this is standard practice for all authentication servers? But from
what I can gather there is no requirement that the two identities must be
the same.

Thanks,
James

>
> Alan DeKok.
>

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
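Added illustration of the lookup problem discussed in this thread (constructed example, not hostapd's code): a simplified model of hostapd's eap_user table, showing that looking up the phase-2 identity with phase 0 on reauthentication only succeeds when the phase-1 table carries the wildcard entry the hostapd tests use. The regex, the user entries and the lookup semantics are simplified assumptions about the eap_user format, not hostapd's parser.

```python
"""Simplified model of a hostapd.eap_user lookup (constructed, not hostapd's code)."""
import re

# One eap_user line: identity METHODS ["password"] [2]
# Assumed simplified reading of the format; hostapd's real parser does more.
_LINE = re.compile(r'^(\*|"[^"]*"|\*@\S+)\s+(\S+)(?:\s+"([^"]*)")?(?:\s+\[(2)\])?\s*$')


def parse_eap_user(text):
    """Return a list of (identity, methods, password, phase) entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (passwords with '#' not handled)
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"unparseable eap_user line: {raw!r}")
        ident, methods, password, two = m.groups()
        entries.append((ident, methods.split(","), password, 2 if two else 0))
    return entries


def lookup(entries, identity, phase):
    """First entry matching identity for the given phase (0 = outer, 2 = inner).
    '*' matches any identity; '*@realm' matches a realm suffix."""
    for ident, methods, password, ph in entries:
        if ph != phase:
            continue
        if ident == "*" or ident == f'"{identity}"' or (
            ident.startswith("*@") and identity.endswith(ident[1:])
        ):
            return (ident, methods, password, ph)
    return None


# Constructed server config mirroring the wpa_supplicant example: outer and
# inner identities differ, and there is no phase-1 wildcard entry.
STRICT = '''
"anonymous@example.com"  TTLS,PEAP
"user@example.com"       MD5 "foobar" [2]
'''
# Same users plus the wildcard line the hostapd tests use.
WILDCARD = STRICT + "*  TTLS,TLS,PEAP,FAST,TEAP,SIM,AKA',AKA\n"


def reauth_lookup(config, phase2_identity):
    """Model the reauthentication path: phase-2 identity looked up with phase 0."""
    return lookup(parse_eap_user(config), phase2_identity, 0)
```

With STRICT the reauthentication lookup returns None (the inner identity has no phase-1 entry), while WILDCARD resolves it only because the `*` entry accepts any outer identity.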