Statistics on EAP methods widely used

alan buxey A.L.M.Buxey at lboro.ac.uk
Tue Nov 20 18:55:03 CET 2012


Hi,

> I understand your view here and I don't disagree. My point is to firstly see which of them
> are being used in practice and then try to identify why. In certain instances some of them
> are more convenient/secure/etc than others, but when you know their popularity you can
> start thinking of other questions such as why would you need to configure both PEAP and
> EAP-TTLS for example. If providers are doing so there must be a reason and this is what I
> wanted to see.

answers

1) the usage figures are known by sites who tell - they always show PEAP being the most favoured

2) backend authentication method

3) PEAP is most convenient... with correct deployment they are all as secure as each other

4) because you can.  we support PEAP/EAP-TTLS/EAP-TLS/EAP-PWD because our authentication
system works with them all and it means that we can offer the widest range of authentication
methods to clients - especially of interest to the mobile space where , for example,
Apple could suddenly decide not to support PEAP anymore.... we've got EAP-TTLS there.

> >From another point of view, I keep reading about "x being the most widely deployed" or "z
> being the most commonly used" but no one backs up their claim. That's why I thought to
> ask...

there is knowledge and a very large historical tract of 802.1X space. 

> the requirements of the scenario. I more wanted to see what do providers eventually
> support and what prevails in the real world (vs theory).

..and what would happen if the only vocal people who provided you with data were all
using EAP-TLS or EAP-FAST, you would get a very distorted view of whats going on in
the real world. that is the problem with such surveys or questions...

alan


More information about the Freeradius-Users mailing list