Sending EAP Identity Encrypted

Jouni Malinen j at w1.fi
Thu Sep 22 13:02:44 PDT 2016


On Thu, Sep 22, 2016 at 09:47:27AM -0700, alan furlong wrote:
> Just to add more info to this. I'm only looking for encryption of
> username part of NAI, and there is no outer tunnel possibility to
> protect the identity in the scenario I'm dealing with.

Why would you need to that instead of using anonymous username and
exchange the real identity in protected manner within the actual EAP
authentication method? Which EAP method(s) are you thinking of using?

> On Thu, Sep 22, 2016 at 9:06 AM, alan furlong <alan250985 at gmail.com> wrote:
> > Is it possible to configure wpa_supplicant to send EAP Identity
> > encrypted for privacy reasons?

It is not really a question of configuration option on the client side.
There is no specification of a protocol for doing this nor support on
the authentication servers for doing something like this. Nor need for
this if the EAP authentication method supports protected exchange of
identities.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list