hi
> I was mistaken, but I was always under the impression that EAP/TLS ||
> EAP/MD5 was something like Cisco's LEAP where Supplicant -> AP
> encryption is possible. Thanks for clearing that up! I now understand
> that it's not the same thing :)

i don't know much about leap, but i think that it actually is. except that cisco leap is a complete proprietary product, including the user, the client and server parts. so, basically they could make it using SMTP and you wouldn't even know.

what i want to say, leap kind of combines different routines needed for authentication and the final key distribution in an unknown way (at least for me). eap/??? is always only the authentication part of the whole scenario. additionally, eap/md5 and eap/tls are in some rfcs while no part of cisco leap is, as far as i know.

that's for the authentication part. then, for the actual key distribution, the key distribution paths in leap and in mppe (which is also proprietary actually, but they at least have an informational rfc) are not the same, they say.

what you should finally accept is: the authentication can happen without key distribution. it's very very dumb to do so; the key should even depend on the information exchanged securely during the successful authentication but there is no magic about it - if there is no provision for it, it will not happen automatically.

ciao
artur

--
Artur Hecker
artur[at]hecker.info

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
