Re: Cannot lookup EAP user on reauthentication (PEAP/TTLS)

On May 27, 2022, at 12:22 PM, James Prestwood <prestwoj@xxxxxxxxx> wrote:
> On Fri, 2022-05-27 at 09:54 -0400, Alan DeKok wrote:
>> 
>> Changing outer identities for resumption seems wrong.
> 
> I'm not sure I follow, EAP-TLS doesn't suffer this issue since it
> doesn't have two phases.

  I referenced the EAP-TLS document because the updated PEAP / TTLS / PEAP RFC will have similar requirements.  Unfortunately, it's not done yet, so there's only a draft document available.

> TTLS/PEAP use an anonymous/outer identity and
> the real identity for phase2 which is encrypted. Using the same
> identities for both phases removes any privacy from the real identity.

  I didn't say anything about using the same identity for both phases.

  I said that the same identity should be used for the initial authentication, and for resumption.

  The draft document I mentioned explicitly covers the issue of using the same identity for both inner and outer methods.  In short, it's not recommended.

https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-06#section-3.1

> Maybe this is standard practice for all authentication servers? But
> from what I can gather there is no requirement that the two identities
> must be the same.

  No one said that they should be the same.

  Your original message seemed to be saying that wpa_supplicant would use the phase2 identity on resumption.  This is wrong.

  The "outer" identity should be the same for both the initial authentication, and for resumption, unless the server has sent a new PSK identity for resumptions.  See Section 2.1.3 of RFC 9190.

  Again, there is no requirement that the inner identity be the same as the outer one, and no one is proposing that.

  Alan DeKok.


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
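The point Alan makes above, modelled as an added example that is not hostapd, wpa_supplicant or FreeRADIUS code: a toy EAP server whose session cache is keyed by the TLS PSK identity and records the outer identity seen during the full authentication, so a resumption that presents the phase 2 identity instead of the original outer identity cannot find the cached user. Class and function names are assumptions of this example.

```python
"""Toy model of an EAP server session cache for PEAP/TTLS resumption.
Constructed illustration, not code from any real EAP implementation."""
import secrets
from dataclasses import dataclass


@dataclass
class CachedSession:
    outer_identity: str   # NAI from EAP-Response/Identity of the full auth
    authorized_user: str  # who phase 2 (the inner method) authenticated
    psk_identity: bytes   # TLS ticket / PSK identity handed to the peer


class EapServer:
    def __init__(self):
        self._by_psk = {}  # psk_identity -> CachedSession

    def full_authentication(self, outer_identity, inner_identity, inner_ok):
        """Phase 1 + phase 2. On success, issue a PSK identity and cache the
        outer identity next to the authorization result. Returns the ticket
        the peer must present on resumption, or None on failure."""
        if not inner_ok:
            return None
        ticket = secrets.token_bytes(16)
        self._by_psk[ticket] = CachedSession(outer_identity, inner_identity, ticket)
        return ticket

    def resumption(self, outer_identity, psk_identity, rotate_ticket=False):
        """A resumption carries only the outer identity and the PSK identity;
        there is no phase 2. The cached session must exist and its outer
        identity must match the one presented, otherwise the user cannot be
        looked up. Returns (accepted, authorized_user, psk_identity_to_use_next).
        A server may hand out a fresh ticket on each resumption (rotate_ticket)."""
        sess = self._by_psk.get(psk_identity)
        if sess is None or sess.outer_identity != outer_identity:
            return False, None, None
        next_ticket = psk_identity
        if rotate_ticket:
            next_ticket = secrets.token_bytes(16)
            del self._by_psk[psk_identity]
            self._by_psk[next_ticket] = CachedSession(
                outer_identity, sess.authorized_user, next_ticket)
        return True, sess.authorized_user, next_ticket
```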