PEAP versions

Khali Singh khalisingh3620 at gmail.com
Thu Mar 2 07:13:27 PST 2017


Hi team

Continuing on my previous question, on the list of supported EAP
methods in wpa_supplicant, the following are mentioned:
EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)

But I thought PEAPv0 is from Microsoft and meant for MSCHAPv2 while
PEAPv1 is from Cisco and was defined for support for GTC. And how does
PEAPv2 fit into the picture? Does it provide more security by binding
the inner authentication to the outer server TLS authentication?

BR
Khali

On Thu, Mar 2, 2017 at 7:38 AM, Khali Singh <khalisingh3620 at gmail.com> wrote:
> Hi
>
> I am trying to understand the technical differences between the
> different PEAP versions.
>
> PEAPv0: https://tools.ietf.org/html/draft-kamath-pppext-peapv0-00
>
> PEAPv1: https://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-00
>
> PEAPv2: https://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-06
>
> I looked online and it says that Microsoft only implements PEAPv0 and
> simply calls it PEAP. The other two versions are not popularly
> implemented. But I would still like to know the technical differences
> between the 0,1 and 2 versions.
>
> Does any of the PEAP versions bind the inner and outer authentication
> methods such as TTLSv1 with TLS Inner authentication extension.
>
> BR
> Khali



More information about the Hostap mailing list