EAP-SIM on 2.2.0
Phil Mayers
p.mayers at imperial.ac.uk
Thu Sep 13 17:13:27 CEST 2012
On 13/09/12 15:52, Francois Gaudreault wrote:
> Well you are probably right, but when providers will start pushing 3G/4G
> offload for real (if they ever do), there are not many ways of doing
> it... I think :P The reason of those tests on our side is to support
> WISPr and/or NewGen hotspots with our product.
That's a big "if", IMO.
EAP-SIM would in theory be quite nice for a number of reasons right now,
even without offload. It's a built-in, secure credential.
Unfortunately, as our off-list emails suggests, you can't get easy
access to SIM secrets in the general case (for obvious reasons). So
unless someone (i.e. the mobile phone providers) starts running a radius
server you can proxy *.3gppnetwork.org to, I can't see EAP-SIM being
part of the solution.
Far more likely is manufacturer-installed X.509 certs and EAP-TLS or a
variant, or even EAP-TEAP with PAC or cert provisioning.
More information about the Freeradius-Users
mailing list