RFC 3748 compliancy

Alan DeKok aland at deployingradius.com
Thu Feb 1 08:43:29 CET 2007


Geoffroy Arnoud wrote:
> I took a look at EAP method source code (even if
> crypto is not my speciality), and I'm wondering if all
> EAP methods shipped into freeRADIUS are compliant with
> RFC3748, regarding MSK and EMSK generation?

  No.  EAP-MD5 explicitely doesn't do MSK generation.

> Which are the EAP methods that supports key
> derivation?

  All of the SSL enabled methods.  (PEAP, TLS, TTLS, SIM).

> And regarding other EAP methods, is there a way to add
> EMSK generation (maybe this is a stupid question)?

  src/modules/rlm_eap/libeap/eapcrypto.c

  It already does EMSK generation for SIM.

> I need those answers to see if FreeRADIUS would be
> able to act as a EAP RADIUS server compliant with
> WiMAX NWG stage 3.

  I'm not sure what that means.  Can you clarify?

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Devel mailing list