Ok, thanks for the clarification. Is there anything that needs to be done then? Can this be applied? On Fri, Apr 17, 2020 at 2:03 PM James Carlson <carlsonj@xxxxxxxxxxxxxxx> wrote: > > On 2020-04-17 16:50, Eivind Naess wrote: > > The RFC draft maybe long expired, but Microsoft still has EAP-MSCHAPv2 > > enabled by default settings. The problem is that if EAP gets > > negotiated (because the client supports it), EAP-MSCHAPv2 will > > typically be selected. A workaround would be to disable EAP > > negotiation on the client side to allow MSCHAPv2 to be selected and > > that be only if the Microsoft server is configured to allow that. It's > > mostly a compatibility problem for end-users, especially when using > > SSTP. > > Oh, I have no doubt that they're using it, and that users will want a > feature like this. I was only pointing out that the submission comment > was slightly inaccurate. There is, as far as I know, no published RFC > describing this protocol. > > The document you're citing is an Internet-Draft, not an RFC. There's no > such thing as an "RFC draft." > > The difference is important to folks in the IETF (at least). An RFC > goes through a documented review and acceptance process and never > expires. An I-D is a temporary document that has no necessary review > whatsoever and expires after a few months. It's not correct to refer to > an I-D as any sort of RFC. > > -- > James Carlson 42.703N 71.076W <carlsonj@xxxxxxxxxxxxxxx> -- Cheers, - Eivind