Sending EAP Identity Encrypted

Jouni Malinen j at
Thu Sep 22 14:01:16 PDT 2016

On Thu, Sep 22, 2016 at 01:35:55PM -0700, alan furlong wrote:
> Which EAP method(s) are you thinking of using?

Both of which support method specific identity privacy mechanisms.. Is
there a reason why pseudonym username and/or fast re-authentication
username would not be sufficient protection? Please also note that both
EAP-SIM and EAP-AKA send out the username in plaintext during their
exchange, so it does not really matter at all how much one would try to
protect the value sent in EAP-Response/Identity. You can already send
"anonymous@<operator realm>" there and leave the username determination

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list