30 Jun
2005
30 Jun
'05
5:35 p.m.
Hi Everybody, Is it possilbe to avoid attribute editing and message editing by using EAP-TTLS or EAP-PEAP in a proxy environment? As far as I understton, In EAP-TTLS a tunnel is formed between a user and the TTLS server, now this TTLS server will forward the request to the proxy and proxy to the home radius server. So the threat here is from proxy, which can falsely edit attribute and messages. For example if home radius sever sends Accept-accept packet , it is possible that a proxy can change the same packet to Access-Reject (wantedly), so that the user will not be able to access visited network. Thanks in advance, Tahseen