EAP-SIM on 2.2.0

Phil Mayers p.mayers at imperial.ac.uk
Thu Sep 13 17:13:27 CEST 2012

On 13/09/12 15:52, Francois Gaudreault wrote:

> Well you are probably right, but when providers will start pushing 3G/4G
> offload for real (if they ever do), there are not many ways of doing
> it... I think :P  The reason of those tests on our side is to support
> WISPr and/or NewGen hotspots with our product.

That's a big "if", IMO.

EAP-SIM would in theory be quite nice for a number of reasons right now, 
even without offload. It's a built-in, secure credential.

Unfortunately, as our off-list emails suggests, you can't get easy 
access to SIM secrets in the general case (for obvious reasons). So 
unless someone (i.e. the mobile phone providers) starts running a radius 
server you can proxy *.3gppnetwork.org to, I can't see EAP-SIM being 
part of the solution.

Far more likely is manufacturer-installed X.509 certs and EAP-TLS or a 
variant, or even EAP-TEAP with PAC or cert provisioning.

More information about the Freeradius-Users mailing list