What is more secure: EAP-PEAP, EAP-TLS or EAP-TTLS?

Elias Pereira empbilly at gmail.com
Mon Aug 20 13:23:37 CEST 2018


Hello Adam, thanks for the answer!! :)

At first our FreeRADIUS server will be configured for authentication of
smartphones from our Wi-Fi network. My intent is to try and configure each
client to have their own certificate for the connection.

Scenario 1 (in tests)
I already have a scenario with EAP-PEAP where the client downloads the CA,
installs it on his smartphone and connects, but as we know, if he does not
select the CA at the time of connection, he will still be able to connect.
In this way we are in the hands of the user's "willingness" to use the CA,
even when we inform them of the danger of not using the CA.

Scenario 2 (intended)
As mentioned above, I would like a scenario where the client has its own
certificate and the RADIUS server verifies this certificate during
authentication. If it is signed by the CA of the server, it authenticates,
otherwise, not.

For scenario 2, what is the best method?

On Mon, Aug 20, 2018 at 7:44 AM Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:

> On 20 Aug 2018, at 04:37, Elias Pereira <empbilly at gmail.com> wrote:
> > Starting from a scenario with 3 servers, where all 3 methods are properly
> > configured, what would be the safest method?
>
> Your question is a little too vague - all three methods can be equally
> secure over the wire. They're all TLS-based and all support client certs.
>
> It's the details of the configuration that differentiate them - so how are
> you planning on configuring your clients?
>
> Adam Bishop
>
>   gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460
>
> jisc.ac.uk



-- 
Elias Pereira
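
The accept/reject decision described in Scenario 2, as an added example that is not part of the original message and is not FreeRADIUS configuration: a client certificate is accepted only if it chains to the CA the server trusts. It uses the `openssl` CLI; the CA names, file names and helper functions are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo: certificate-based client authentication decision.
# All subjects, file names and helper names below are made up for this example.
set -u
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Create a CA key and self-signed CA certificate ($1 = file prefix, $2 = CN).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue a client certificate ($1 = prefix, $2 = CN) signed by the CA with prefix $3.
issue_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.pem" -CAkey "$WORK/$3.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.pem" 2>/dev/null
}

# Server-side decision: return 0 (accept) only if client cert $1 chains to CA $2.
verify_client() {
  openssl verify -CAfile "$WORK/$2.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

# The CA the RADIUS server trusts, and an unrelated CA it does not trust.
make_ca wifi_ca  "Constructed WiFi CA"
make_ca other_ca "Constructed Unrelated CA"

# One phone enrolled by the trusted CA, one holding a cert from the other CA.
issue_client phone_ok  "phone-enrolled" wifi_ca
issue_client phone_bad "phone-foreign"  other_ca

for phone in phone_ok phone_bad; do
  if verify_client "$phone" wifi_ca; then
    echo "$phone: certificate chains to trusted CA -> accept"
  else
    echo "$phone: certificate not issued by trusted CA -> reject"
  fi
done
```

Unlike Scenario 1, the decision here is made on the server, so it does not depend on what the user selects on the phone.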

