(no subject)

Martin Gadbois martin.gadbois at colubris.com
Fri Dec 1 19:15:23 CET 2006



Thibault Le Meur wrote:
> EAP-TTLS requires only a server-side cert. The client-side authentication is
> performed through an inner TLS tunnel and is usually PAP (but can be any EAP
> method).
> 

Several 802.1x/WPA clients can elect _not_ to verify the server's
certificate with EAP-TTLS and EAP-PEAP.

This allows Man-in-the-middle attacks.

--
==============         +----------------------------------------------+
Martin Gadbois         | "Windows might take you from 0 to 60 faster, |
S/W Developer          |  but to go to 100 you need Unix."            |
Colubris Networks Inc. +----------------------------------------------+



More information about the Freeradius-Users mailing list