On Jan 10, 2023, at 1:52 PM, Heikki Vatiainen <[email protected]> wrote:

> With *Server Un*authenticated mode a passive attacker can't view the
> exchange, but MITM is possible. EAP-FAST allowed EAP-FAST-MSCHAPv2 with this
> mode but since then requirements seem to have become stricter.

Ah, yes. My $0.02 would be to add text about how server unauthenticated mode is not recommended.

> With Server Unauthenticated Provisioning Mode the client does not verify a
> certificate and MITM is possible. With an anonymous ciphersuite a certificate
> is not required in a Server Hello message. Here's an EAP-FAST example where
> the client (eapol_test from hostapd) has no PAC and it's configured with
> anonymous provisioning allowed. Client Hello is not shown, but it only
> contains two ciphersuites: TLS_DH_anon_WITH_AES_128_CBC_SHA and 0x00ff (RFC
> 5746 TLS Renegotiation Extension). EAP-FAST server then sends this as
> response to finish its part of TLS handshake. No certificate is present in
> Server Hello.
>
> TEAP RFC has much less text about Server Unauthenticated mode. I'd say this
> gives even more reason to be clear about why EAP-FAST-MSCHAPv2 is no longer
> allowed by TEAP with this mode.

I agree.

Alan DeKok.

_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
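The point in Heikki's quoted example is that a server-unauthenticated provisioning exchange is visible on the wire: the ServerHello selects an anonymous ciphersuite and the server's flight carries no Certificate message. The following is an added example, not code from the EMU thread, hostapd or any TEAP/EAP-FAST implementation, showing how a monitoring tool could audit a captured TLS 1.2 server flight for exactly that. The record and handshake layouts follow RFC 5246; the anonymous-suite table is partial, and the sample flight (toy DH parameters, dummy certificate blob) is constructed inside the script rather than taken from a capture.

```python
"""Audit a TLS 1.2 server handshake flight for server authentication.

Added example (not from the EMU list or hostapd): flags an anonymous
ciphersuite in ServerHello and/or a missing Certificate message, which
is what server-unauthenticated EAP-FAST/TEAP provisioning looks like on
the wire. The sample flight below is constructed, not captured.
"""
import struct

TLS_HANDSHAKE = 0x16          # record content type
HS_SERVER_HELLO = 2
HS_CERTIFICATE = 11
HS_SERVER_KEY_EXCHANGE = 12
HS_SERVER_HELLO_DONE = 14

# Anonymous (server-unauthenticated) suites from RFC 5246 / RFC 4492; partial.
ANON_SUITES = {
    0x0034: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    0x003A: "TLS_DH_anon_WITH_AES_256_CBC_SHA",
    0x006C: "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
    0x006D: "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
    0xC018: "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
    0xC019: "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
}


def split_records(data: bytes):
    """Yield (content_type, payload) for each TLS record in a byte stream."""
    off = 0
    while off < len(data):
        if off + 5 > len(data):
            raise ValueError("truncated TLS record header")
        ctype, _version, length = struct.unpack("!BHH", data[off:off + 5])
        payload = data[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record body")
        yield ctype, payload
        off += 5 + length


def split_handshake_messages(stream: bytes):
    """Yield (handshake_type, body) from concatenated handshake payloads.

    Concatenating the record payloads first handles a handshake message
    that is fragmented across several records.
    """
    off = 0
    while off < len(stream):
        if off + 4 > len(stream):
            raise ValueError("truncated handshake header")
        htype = stream[off]
        length = int.from_bytes(stream[off + 1:off + 4], "big")
        body = stream[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        yield htype, body
        off += 4 + length


def server_hello_cipher_suite(body: bytes) -> int:
    """Extract the selected cipher suite from a ServerHello body."""
    # version(2) random(32) session_id_len(1) session_id(n) cipher_suite(2) ...
    sid_len = body[34]
    off = 35 + sid_len
    return struct.unpack("!H", body[off:off + 2])[0]


def audit_server_flight(data: bytes) -> dict:
    """Report whether the server's flight lets the client authenticate it."""
    hs_stream = b"".join(p for t, p in split_records(data) if t == TLS_HANDSHAKE)
    suite = None
    seen = set()
    for htype, body in split_handshake_messages(hs_stream):
        seen.add(htype)
        if htype == HS_SERVER_HELLO:
            suite = server_hello_cipher_suite(body)
    anonymous = suite in ANON_SUITES
    cert_present = HS_CERTIFICATE in seen
    name = ANON_SUITES.get(suite) or (f"0x{suite:04x}" if suite is not None else None)
    return {
        "cipher_suite": suite,
        "cipher_suite_name": name,
        "anonymous_suite": anonymous,
        "certificate_present": cert_present,
        # Either condition means the client cannot verify who it is talking to.
        "server_unauthenticated": anonymous or not cert_present,
    }


def _hs(htype: int, body: bytes) -> bytes:
    return bytes([htype]) + len(body).to_bytes(3, "big") + body


def _record(payload: bytes) -> bytes:
    return struct.pack("!BHH", TLS_HANDSHAKE, 0x0303, len(payload)) + payload


def build_sample_flight(cipher_suite: int, with_certificate: bool) -> bytes:
    """Constructed flight: ServerHello, Certificate or DH_anon ServerKeyExchange, ServerHelloDone."""
    server_hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", cipher_suite) + b"\x00"
    msgs = _hs(HS_SERVER_HELLO, server_hello)
    if with_certificate:
        cert = b"\x30\x03\x02\x01\x01"  # dummy DER blob, not a real certificate
        entry = len(cert).to_bytes(3, "big") + cert
        msgs += _hs(HS_CERTIFICATE, len(entry).to_bytes(3, "big") + entry)
    else:
        # DH_anon ServerKeyExchange carries p, g, Ys and no signature (toy values)
        ske = b"".join(len(v).to_bytes(2, "big") + v for v in (b"\x17", b"\x02", b"\x05"))
        msgs += _hs(HS_SERVER_KEY_EXCHANGE, ske)
    msgs += _hs(HS_SERVER_HELLO_DONE, b"")
    # Split across two records so the audit exercises reassembly.
    return _record(msgs[:20]) + _record(msgs[20:])


if __name__ == "__main__":
    # 0x0034 is the suite from the quoted Client Hello; 0x002F is TLS_RSA_WITH_AES_128_CBC_SHA.
    for suite, cert in ((0x0034, False), (0x002F, True)):
        print(audit_server_flight(build_sample_flight(suite, cert)))
```

Run as a script it audits the two constructed flights: the DH_anon one is reported as server-unauthenticated, the RSA one with a Certificate message is not. On real traffic the same check applied to the EAP-TLS/EAP-FAST/TEAP inner TLS records tells a defender whether a supplicant fleet is accepting provisioning from a server it never verified.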
