PEAP label in PRF

Alan DeKok aland at deployingradius.com
Wed Sep 14 16:29:45 CEST 2016


On Sep 14, 2016, at 2:04 AM, Chitrang Srivastava <chitrang.srivastava at gmail.com> wrote:
> This is regarding seed label which is used in PRF(Pseudo random function)
> to derive session keys.
> 
>     PEAPv0: https://tools.ietf.org/html/draft-kamath-pppext-peapv0-00 - I
> don't see any mention of label but look like it uses *client EAP encryption
> ? *Any official draft or RFC mentioned PEAPv0 uses this label ?

  This list is for questions about FreeRADIUS.  If you want to learn more about the standards, ask the authors of the standards.

> So on the *client *side the code should be something like

  If you're writing an EAP client, stop now.  Use wpa_supplicant, which works everywhere, and implements everything.

  Writing another EAP client is a*terrible* idea.  It will be vaguely compatible with existing systems, but not completely compatible.  And all of the RADIUS server authors will have to spend time with YOUR customers, explaining why your software is broken.

  Don't write an EAP client.

  Alan DeKok.




More information about the Freeradius-Users mailing list