TTLS vs PEAP

Khali Singh khalisingh3620 at gmail.com
Thu Mar 2 06:24:26 CET 2017


Dear devs

I am trying to understand the difference between the various flavors of
TTLS and PEAP. Please comment and/or correct the following observations:

1. Both TTLS and PEAP use TLS for server side authentication and then use
an inner authentication method to authenticate the client.

2. TTLS has a little more flexibility when it comes to choosing the inner
authentication method than PEAP.

3. TTLSv0 is standardized as an RFC and is commonly found in
implementations. TTLSv1 is only specified as a draft and not commonly
implemented. TTLSv1 relies on a non-standard TLS extension called "Inner
Authentication" which binds the inner and outer authentication to provide
better security and protection.

4. Microsoft only implements and acknowledges PEAPv0. PEAPv1 was specified
by Cisco to add support for EAP-GTC as an inner authentication method. How
big is the difference between PEAPv0 and PEAPv1?

5. What is the difference between PEAPv2 specified in the later versions of
the draft: https://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-10
and the previous versions?

BR
Khali

