Sending EAP Identity Encrypted
Jouni Malinen
j at w1.fi
Thu Sep 22 14:01:16 PDT 2016
On Thu, Sep 22, 2016 at 01:35:55PM -0700, alan furlong wrote:
> Which EAP method(s) are you thinking of using?
> EAP-SIM and EAP-AKA
Both of which support method specific identity privacy mechanisms.. Is
there a reason why pseudonym username and/or fast re-authentication
username would not be sufficient protection? Please also note that both
EAP-SIM and EAP-AKA send out the username in plaintext during their
exchange, so it does not really matter at all how much one would try to
protect the value sent in EAP-Response/Identity. You can already send
"anonymous@<operator realm>" there and leave the username determination
to EAP-SIM/AKA.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list