Permanent Identity in wpa_supplicant

Jouni Malinen jkmaline
Tue Nov 28 07:09:40 PST 2006

On Tue, Nov 28, 2006 at 01:45:04PM +0100, Chris Viklund (LD/EAB) wrote:

> I was pondering though the code for wpa_supplicant (0.5.6) and I saw
> that when the identity is retrieved, in eap_sim_get_identity(), (for
> EAP-SIM at least), only the reauthentication or the pseudonym identity
> is returned. In the RFC for EAP-SIM in section Format of the
> Permanent Username it is stated that the client should return a
> permanent identity based on the IMSI if the server requires it. Is there
> a reason for this being omitted in wpa_supplicant?

eap_sim_get_identity() is only used for updating the identity for
EAP-Response/Identity packet for re-authentication case. SIM/Start
message can still use pseudonym or permanent username (usually
IMSI-based) if the server requests it during EAP-SIM authentication.

In addition, in order to provide identity privacy, the peer could refuse
to answer with its permanent pseudonym if it has reason to believe that
the authentication server should know the current pseudonym or re-auth
identity. I don't think that wpa_supplicant enforces this, though.

Does this answer your question or have you observed behavior from
wpa_supplicant where it would not follow this correctly?

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list