On Sun, 2002-11-24 at 05:24, Artur Hecker wrote:
> i don't know if you are really interested in it, but PEAP [2]
> ("protected EAP") is another MS-Cisco invention (built in in Windows XP
> SP1 instead of EAP/MD5 as kind of alternative for EAP/TLS). Nobody seems
> to know so far how it works but
The basic idea is to run TLS inside EAP and then EAP again within the
TLS session. Thus it is fairly similar to EAP-TTLS and seems to give
about the same advantages (support for legacy authentication methods,
protection of the identity, etc.).
The ID you reference (-05 is the latest version) should be sufficient to
implement it.
> it probably gives mutual out and key
> negotiation
Yes.
> [2]
> http://www.globecom.net/ietf/draft/draft-josefsson-pppext-eap-tls-eap-02.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
