EAP-TTLS Diameter usage

Alan DeKok aland at deployingradius.com
Thu Sep 21 11:13:05 UTC 2023


On Sep 21, 2023, at 5:59 AM, Härtl, Calvin <Calvin.Haertl at stud.hs-coburg.de> wrote:
> I do have another question regarding EAP-TTLS.
> 
> According to "eap ttls | FreeRADIUS Documentation" <https://networkradius.com/doc/3.0.10/raddb/mods-available/eap/ttls.html> and RFC 5281 ("Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0)") <https://www.rfc-editor.org/rfc/rfc5281.html#page-15>, Diameter is being used in this protocol to allow the usage of AVPs. But is there another reason why EAP-TTLS uses Diameter packages?

  It doesn't use Diameter.  It uses the Diameter attribute format.

  The Diameter protocol has about 10,000 other things added to it.  Connection management, state machines, etc.  The attribute format on the other hand is relatively simple.

> I am asking, since I checked some PEAP packages with Wireshark and these packages, while not using Diameter, still have AVPs incorporated in them.

  PEAP uses a different format.

> I also cannot find any sources that state why Diameter was specifically chosen for EAP-TTLS.

  It was chosen by the authors of EAP-TTLS, for their own reasons.  I don't think there was any public discussion on it.

> Was there another advantage that Diameter offers in the case of EAP-TTLS? I.e. client roaming capabilities, failover, etc.?

  The Diameter features of roaming, failover, etc. have zero impact on EAP-TTLS.  You're confusing data encoding with protocol state machines.

  EAP-TLS uses TLS.  So does HTTPS.  Does this mean I can do web surfing over EAP-TLS?

  No.

  The same argument applies to EAP-TTLS and Diameter.

  Alan DeKok.
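
The attribute format discussed in the message above, as an added example that is not part of the original post or of FreeRADIUS: a Python encoder and bounds-checked parser for the AVP layout given in RFC 5281 section 10.1 (4-byte code, 1-byte flags, 3-byte length, optional 4-byte Vendor-ID, data padded to a 4-byte boundary). The function names and the sample credentials are constructed for illustration.

```python
import struct

FLAG_VENDOR = 0x80     # V bit: a 4-byte Vendor-ID follows the length field
FLAG_MANDATORY = 0x40  # M bit: receiver must understand this AVP


def encode_avp(code, data, vendor_id=None, mandatory=True):
    """Encode one AVP: code(4) flags(1) length(3) [vendor(4)] data, padded to 4."""
    flags = (FLAG_MANDATORY if mandatory else 0) | \
            (FLAG_VENDOR if vendor_id is not None else 0)
    header_len = 12 if vendor_id is not None else 8
    length = header_len + len(data)          # length field excludes padding
    out = struct.pack("!II", code, (flags << 24) | length)
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-length % 4)


def parse_avps(buf):
    """Parse a sequence of AVPs; raise ValueError on malformed input."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", buf, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        header_len = 12 if flags & FLAG_VENDOR else 8
        # Reject lengths that cannot hold the header or run past the buffer.
        if length < header_len or off + length > len(buf):
            raise ValueError("AVP length out of bounds")
        vendor_id = None
        if flags & FLAG_VENDOR:
            (vendor_id,) = struct.unpack_from("!I", buf, off + 8)
        avps.append({"code": code, "vendor_id": vendor_id,
                     "mandatory": bool(flags & FLAG_MANDATORY),
                     "data": buf[off + header_len:off + length]})
        off += length + (-length % 4)        # skip padding to the next AVP
    return avps


# Constructed sample: the AVPs a tunneled PAP login carries, using the RADIUS
# attribute numbers User-Name (1) and User-Password (2, null-padded to 16).
SAMPLE = encode_avp(1, b"bob") + encode_avp(2, b"hunter2" + b"\x00" * 9)

if __name__ == "__main__":
    for avp in parse_avps(SAMPLE):
        print(avp)
```

Nothing here involves a Diameter connection, peer state, or routing: the bytes are simply the payload carried inside the TLS tunnel.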


