PEAPv0 vs PEAPv1 vs PEAPv2

Zdravim, zajimal jsem se o ruzne typy PEAP protokolu, lze lehce dohledat, ze PEAPv0 pouziva MS-CHAPv2 (Microsoft), PEAPv1 pouziva EAP-GTC (Cisco), avsak nikde nemohu najit zadne detaily o PEAPv2. Existuje vubec tento protokol? Pokud ano, mohl by me nekdo odkazat na nejakou specifikaci, pripadne uvest rozdly oproti tem dvou predchozim verzim? Dekuji.

PEAPv2 was defined in versions beginning with http://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-06 -- wiki

6.12.2011 10:02 Matej Ondrusek
Rozbalit Rozbalit vše Re: PEAPv0 vs PEAPv1 vs PEAPv2

No ano, to jsem prochazel, ale vidi snad nekdo v tom draftu nekde uvedene rozdily PEAPv2 oproti tem predchozim?

6.12.2011 10:31 Matej Ondrusek
Rozbalit Rozbalit vše Re: PEAPv0 vs PEAPv1 vs PEAPv2

Ono kdyz jsem ty drafty vice studoval, tak PEAPv2 je zminen spise tu:

http://tools.ietf.org/id/draft-josefsson-pppext-eap-tls-eap-10.txt

Ale presto tu explicitne z toho popisu nevyplyvaji zadne rozdily oproti predchozim verzim, mozna az na tyto dva odstavce:

 EAP [RFC3748] prohibits use of multiple authentication methods within
   a single EAP conversation, except when tunneled methods such as
   PEAPv2 are used.  This restriction was imposed in order to limit
   vulnerabilities to man-in-the-middle attacks as well as to ensure
   compatibility with existing EAP implementations.

   Within PEAP these concerns are addressed since PEAPv2 includes
   support for cryptographic binding to address man-in-the-middle
   attacks, as well as version negotiation so as to enable backward
   compatibility with prior versions of PEAP.

Jestli to tedy chapu spravne, PEAPv2 podporuje autentizaci pomoci vice EAP metod v ramci jedne EAP komunikace? Co si ale pod tim muzu predstavit?

Dotaz: PEAPv0 vs PEAPv1 vs PEAPv2

Odpovědi