Wireless Security
Re: EAP-TTLS Question Aug 27 2008 02:52AM
Christopher (vooduhal gmail com) (2 replies)
I guess a follow-up to my question would be: does this RFC excerpt mean
that the TTLS server cert is exchanged during phase 1 of the
authentication, and if so, is it susceptible to the same MitM that
PEAP is?

    As part of the TLS handshake protocol, the TTLS server will send its
    certificate along with a chain of certificates leading to the
    certificate of a trusted CA. The client will need to be configured
    with the certificate of the trusted CA in order to perform the
    authentication.

Am I back to the wonderful user being able to accept a self-signed
cert and compromising the whole authentication transaction? Is it
also safe to assume that the behavior is solely based on the
supplicant?

On Tue, Aug 26, 2008 at 6:36 PM, Christopher <vooduhal (at) gmail (dot) com> wrote:
> We've been working on implementing PEAPv0/MSCHAPv2 and have decided
> that because of the MitM possibility of the TLS piece we would like to
> find another solution. We were considering TLS but I had a quick
> question about TTLS. Is the authentication server certification
> enforcement part of the client or is there a possibility of a MitM
> against the server cert as is the case with PEAP?
>
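
The RFC excerpt quoted in the message above says the client must be configured with the certificate of the trusted CA. As an added example (not part of the original post), this script audits wpa_supplicant network blocks for that setting on tunneled EAP methods. wpa_supplicant is an assumed supplicant here, and the sample configuration, SSIDs, paths and server name are constructed.

```python
import re

TUNNELED = {"TTLS", "PEAP"}  # methods that authenticate the server with a TLS certificate
NAME_KEYS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(conf_text):
    """Return one dict per network={...} block of a wpa_supplicant.conf."""
    networks = []
    for body in re.findall(r"^\s*network\s*=\s*\{(.*?)^\s*\}", conf_text, re.S | re.M):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks

def audit(conf_text):
    """Return (ssid, finding) pairs for tunneled-EAP networks with weak server validation."""
    findings = []
    for net in parse_networks(conf_text):
        if not TUNNELED & set(net.get("eap", "").upper().split()):
            continue  # not a tunneled EAP network (e.g. WPA-PSK)
        ssid = net.get("ssid", "<no ssid>")
        if not net.get("ca_cert"):
            # wpa_supplicant does not verify the server certificate without ca_cert
            findings.append((ssid, "no ca_cert: server certificate is not verified"))
        elif not any(net.get(k) for k in NAME_KEYS):
            # any certificate issued under that CA would be accepted
            findings.append((ssid, "ca_cert set but no server name constraint"))
    return findings

# Constructed sample configuration (SSIDs, path and server name are made up).
SAMPLE = '''
network={
    ssid="corp-weak"
    eap=TTLS
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-pinned"
    eap=TTLS
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    domain_suffix_match="radius.example.com"
    phase2="auth=MSCHAPV2"
}
'''
if __name__ == "__main__":
    for ssid, finding in audit(SAMPLE):
        print(f"{ssid}: {finding}")
```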

Copyright 2010, SecurityFocus