Dear devs I am trying to understand the difference between the various flavors of TTLS and PEAP. Please comment and/or correct the following observations: 1 .Both TTLS and PEAP use TLS for server side authentication and then use an inner authentication method to authenticate the client. 2. TTLS has a little more flexibility when it comes to choosing the inner authentication method than PEAP. 3. TTLSv0 is standardized as an RFC and is commonly found in implementations. TTLSv1 is only specified as a draft and not commonly implemented. TTLSv1 relies on a non-standard TLS extension called "Inner Authentication" which binds the inner and outer authentication to provide better security and protection. 4. Microsoft only implements and acknowledges PEAPv0. PEAPv1 was specified by Cisco to add support for EAP-GTC as an inner authentication method. How big is the difference between PEAPv0 and PEAPv1? 5. What is the difference between PEAPv2 specified in the later versions of the draft: https://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-10 and the previous versions? BR Khali
On Mar 2, 2017, at 12:24 AM, Khali Singh <khalisingh3620@gmail.com> wrote:
Dear devs
I am trying to understand the difference between the various flavors of TTLS and PEAP. Please comment and/or correct the following observations:
We didn't write the specifications for those protocols. If you bother to look at the FreeRADIUS code, you'll also see that we didn't even implement many of them. Why would you believe we know anything about them? And why are you asking us to do this work? All of the documents and source code is public. Go read it. That's what we did. Alan DeKok.
participants (2)
-
Alan DeKok -
Khali Singh