12 May
2014
12 May
'14
10:44 a.m.
On Sun, May 11, 2014 at 11:50 AM, Alan DeKok <aland@deployingradius.com> wrote:
The key is created from SSL information. There's no SSL in EAP-PWD from what I know.
Do you have opinions as to how it should work? Or I supposed I could ping Dan Harkins and ask him...
The derivation of Session-Id is defined separately for each EAP method. In the case of EAP-pwd, it is defined in RFC 5931. Sure, there is no SSL involved in that case, but anyway, the Session-Id is defined in a way that FreeRADIUS must already be generating it since that is used in deriving MSK, i.e., the only thing that is missing is in exposing that information as the Session-Id similarly to how TLS-based methods do that. - Jouni