13 Aug
2018
13 Aug
'18
2:20 p.m.
On Aug 13, 2018, at 2:08 PM, Norman Elton <normelton@gmail.com> wrote:
No. PEAP is pretty much EAP-TLS plus MS-CHAP. MS-CHAP doesn't need the certs. EAP-TLS does.
Thanks for the clarification. I assumed (erroneously) that EAP-TLS used the client-side certificate, verified with the trusted CA information on the server,
Yes, that's how EAP-TLS works.
_instead_ of the server-side certificate.
No, *both* ends need to authenticate each other.
In fact, it should be "in addition to the server-side certificate"?
Yes. Alan DeKok.