Sending EAP Identity Encrypted

Jouni Malinen j at w1.fi
Thu Sep 22 14:01:16 PDT 2016


On Thu, Sep 22, 2016 at 01:35:55PM -0700, alan furlong wrote:
> Which EAP method(s) are you thinking of using?
> EAP-SIM and EAP-AKA

Both of which support method-specific identity privacy mechanisms. Is
there a reason why pseudonym username and/or fast re-authentication
username would not be sufficient protection? Please also note that both
EAP-SIM and EAP-AKA send out the username in plaintext during their
exchange, so it does not really matter at all how much one would try to
protect the value sent in EAP-Response/Identity. You can already send
"anonymous@<operator realm>" there and leave the username determination
to EAP-SIM/AKA.

-- 
Jouni Malinen                                            PGP id EFC895FA


