Hello Alan, Thanks for your reply,
I understand your view here and I don't disagree. My point is to firstly see which of them are being used in practice and then try to identify why. In certain instances some of them are more convenient/secure/etc than others, but when you know their popularity you can start thinking of other questions such as why would you need to configure both PEAP and EAP-TTLS for example. If providers are doing so there must be a reason and this is what I wanted to see.
answers
1) the usage figures are known by sites who tell - they always show PEAP being the most favoured
I didn't know that, and some articles I read didn't favour PEAP that much. Good to learn.
2) backend authentication method
3) PEAP is most convenient... with correct deployment they are all as
secure
as each other
I would imagine that from the backend's perspective deploying PEAP and EAP-TTLS is similar right? When you mention here convenient you mean in terms of the clients that support it out of the box?
4) because you can. we support PEAP/EAP-TTLS/EAP-TLS/EAP-PWD because our authentication system works with them all and it means that we can offer
the
widest range of authentication methods to clients - especially of interest to the mobile space where , for example, Apple could suddenly decide not to support PEAP anymore.... we've got EAP-TTLS there.
So being more inclusive and supporting more devices out of the box is a reason for supporting more than one EAP method on the server. is knowledge and a very large historical tract of 802.1X space.
the requirements of the scenario. I more wanted to see what do providers eventually support and what prevails in the real world (vs theory).
..and what would happen if the only vocal people who provided you with data were all using EAP-TLS or EAP-FAST, you would get a very distorted view of whats going on in the real world. that is the problem with such surveys or questions...
Nothing would happen! I asked to see if people have pointers or would be willing to share their stats/numbers as there is nothing as such online. Thanks for your reply, Panos