Dan Harkins wrote: > Why would someone go to the expense to implement EAP-TTLS or EAP-FAST > but not also do some hash-a-password-with-nonces method like GPSK or > MSCHAPv2 that proves to the client that the server knows the password?
Legacy password databases. > The only reason I can see to do PAP inside EAP-TTLS or EAP-FAST is > when using a token card or other OTP. For enterprises, this is a reasonable assumption. For ISPs, it's not. Alan DeKok. _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
