On 05/02/17 11:12, Brian Candler wrote:
It can be argued that using the outer identity in accounting packets is reasonable behaviour. After all, the whole reason the client chose "anonymous" was so that a network sniffer could not see their real identity. If the NAS included the real identity in accounting packets, then a sniffer would see it.
Sort of. There are really two use-cases AFAICT: 1. "anonymous" in the EAP packet on the wired/wireless LAN to hide your identity from passive sniffers outside the network e.g. someone sitting in the same coffee shop with a wifi sniffer. 2. "anonymous" in the RADIUS packets and accounting to hide your identity from the NAS (the latter particularly in a federated network like eduroam where SP and IdP are different entities) I don't think "anonymous" was ever really intended to protect against sniffing of the accounting packets between NAS & radius server - if you have attacks at that level, you have bigger problems and should be using IPSec or RADSEC.