Paul, RADIUS by itself has little to-do with device authentication (other than carrying the packets).
Problems with EAP methods is not a problem of RADIUS. Ciao Hannes On 04/08/2014 11:12 PM, Paul Lambert wrote: >> >> >> >> Either TLS or IPSEC for RADIUS will thwart pervasive monitoring. > Only if correctly implemented. The Wi-Fi industry has a pervasive problem > where the TLS certificates for the authentication servers are not > validated by all devices. We are putting in certificating testing to > encourage correct implementations, but it will take time to see a > significant change in products being sold. > > The lack of certificate validation compounds the vulnerability of MSCHAPv2 > which has been commonly used for ³enterprise" grade Wi-Fi deployments. > Some new solutions for this problem area will be available soon Š will > post when they are announced. > > Paul > > >> >> -- Christian Huitema >> >> >> >> >> _______________________________________________ >> perpass mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/perpass > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
