Talk:Extensible Authentication Protocol

Untitled
This page seems to have some serious anti-Cisco slant, possibly to the extent that it violates NPOV. In particular, phrases such as 'Swallowing the Cisco Kool-Aid' have no place in an encyclopedic entry. Yes, it is true that LEAP as well as MD5 are vulnerable to dictionary attacks; however, this article makes such asinine references that EAP-FAST is likewise going to be insecure, which is true speculation and also has no place in this entry. --anon
 * Thanks for pointing that out: I've cut a few sentences that were blatant, but it still needs work, and the article is pretty hard to understand to boot. I've added a "cleanup" tag. — Matt Crypto 16:29, 24 Jun 2005 (UTC)


 * I apologize for that 'Swallowing the Cisco Kool-Aid' comment. This was my first contribution to the Wiki and it was a newbie mistake.  I will be more careful in the future.  -- George

The EAP should, according to IETF (see http://www3.ietf.org/proceedings/02mar/slides/eap-1/tsld010.htm), be pronounced as "ee ey pee". Schotti 03:22, 16 February 2006 (UTC)

I made the small changes to the LEAP section and I would like to add I do not work for Cisco nor am I associated with them in any way other than as an end-user. I actually have a personal general bias against them due to their use of proprietary protocols everywhere (EIGRP anyone?). -Matt

Tagged Changed
This article seems pretty clean. I swapped out the cleanup for diagram because security protocols are inherently difficult to understand. --meatclerk 19:16, 23 July 2006 (UTC)

The data on the difference between PEAPv0 and PEAPv1 is wrong.

Both versions of PEAP support EAP subtypes and Microsoft has an extension API allowing their use. Which supplicants support what by default or per supplicant implementation is not the same as saying they are not supported or various EAP subtypes that work in v0 can't work in v1 or vice versa. I've personally used EAP-GTC over PEAPv0 using the AEGIS supplicant.

The difference between v0 and v1 is that v0 uses a slightly different header format and v0 uses the EAP type of EAP Extension (Type 33) to convey success/failure information. This is the ONLY difference between v0 and v1. From the user's perspective neither version is better than the other. They both have the same capabilities and security properties and are capable of supporting the same subtypes.

The latest PEAP drafts define PEAPv2 which is similar to v1 except that it adds a crypto binding between the inner EAP-PEAP-(EAP-??) method protected by PEAP and the keying material used in the PEAP handshake. This provides improved security.

RFC status
Why is RFC 2716 (EAP-TLS) called "open standard", whereas RFC 4746 (EAP-PSX) is called "experimental RFC"? Both are "experimental track" RFCs, but it sounds like someone is twisting words here. To the uninitiated, RFCs can be one of
 * standards track: These have the IETF stamp of approval for future direction and relevancy.
 * informational: Often non-normative documents, or contributed documents from vendors who wish to publish what they've implemented.
 * experimental: A suggested protocol or similar which is, well, experimental. IETF will not publish bad or inconsistent protocols, so there is nothing derogatory about being an experimental RFC. BGP started out as experimental, and didn't become standards track until BGP-4!
Finally, there's historic: obsolete standards.

It is also stated that EAP-MD5 is the only standards track EAP application, but this is not strictly correct -- the Diameter EAP application (RFC 4072) is also standards track. Kjetilho (talk) 11:58, 3 February 2008 (UTC)

EAP-MD5 _was_ the only standards track EAP method for quite some time. RFC 4072 is an EAP encapsulation for Diameter, not a method. However, since your comment the IETF EAP Methods Update (EMU) Working Group has passed EAP-GPSK (RFC 5433) and others are in progress. Davesnotthere (talk) 17:46, 28 February 2013 (UTC)

Merge proposal
I've added templates suggesting a merge of Protected Extensible Authentication Protocol into this article. The PEAP redirect should become a disambig page at that point, since there is a line at the top of the page about a different expansion of the acronym. Todd Vierling (talk) 15:42, 6 August 2008 (UTC)


 * I agree with the suggestion that Protected Extensible Authentication Protocol should be merged into this article. I am considering taking up the work of carrying out the merger. I request the other contributors to voice objections if any (approvals are obviously welcome :) ) Kcrao - Engineer, Security and Wireless Technologies (talk) 09:22, 6 March 2009 (UTC)


 * I disagree. The material belongs in both, not one or the other. The tech is too complicated to fit neatly into a broader article with other highly complicated tech. By all means add whatever relevant material to the EAP article, but that section of the article should refer here for a complete understanding of the subject of PEAP. In other words, this article should redirect (on the subject of PEAP) to PEAP and not vice versa. Int21h (talk) 09:37, 20 March 2010 (UTC)


 * I disagree. Articles like EAP-SIM and EAP-AKA are merely informative of existent EAP variants. However they might grow up in an extensible explanation about the protocol. This feasible scenario fits better with EAP and its variant articles referring to each other. JrBenito - Mobile Software Engineer (talk) 22:22, 21 March 2011 (UTC)

From RADIUS
The following text does not have anything to do with RADIUS. I've moved it here in case it's needed in the EAP article.

Some EAP methods establish a secure tunnel between an authenticator and the home AAA server before the transmission of sensitive data, providing relief for most of those concerns. In these cases, there is sometimes an outer identity in clear text transmitted outside the EAP tunnel - visible to proxies so they can route packets - which doesn't have to reveal much about the user's true identity, and an inner identity that does, which is transmitted inside the secure EAP tunnel. kgrr talk 08:19, 30 April 2009 (UTC)
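
The outer identity described in the moved text above is what travels in the cleartext EAP-Response/Identity, so it can be audited on the wire. The following is an added example, not part of the original discussion or of any project's code: it parses that packet (Code, Identifier, Length, Type layout from RFC 3748) and reports whether the outer identity exposes a user name or only a routable realm. The function names, the sample packets and the treatment of an empty or "anonymous" user part as non-identifying are assumptions made for illustration.

```python
import struct

EAP_RESPONSE = 2        # EAP Code field value for Response (RFC 3748)
EAP_TYPE_IDENTITY = 1   # EAP Type field value for Identity (RFC 3748)
HEADER_LEN = 5          # Code(1) + Identifier(1) + Length(2) + Type(1)


def build_identity_response(identifier, identity):
    """Build an EAP-Response/Identity packet; used here to construct samples."""
    data = identity.encode("utf-8")
    header = struct.pack("!BBHB", EAP_RESPONSE, identifier,
                         HEADER_LEN + len(data), EAP_TYPE_IDENTITY)
    return header + data


def parse_outer_identity(packet):
    """Return the cleartext identity string, or None if not a Response/Identity."""
    if len(packet) < HEADER_LEN:
        return None
    code, _ident, length, eap_type = struct.unpack("!BBHB", packet[:HEADER_LEN])
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY:
        return None
    # The Length field covers the whole EAP packet; reject truncated captures.
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("EAP Length field inconsistent with packet size")
    return packet[HEADER_LEN:length].decode("utf-8", errors="replace")


def audit_outer_identity(packet, anonymous_users=("", "anonymous")):
    """Classify what the outer identity reveals to proxies on the path.

    anonymous_users is an assumed local convention, not a protocol constant.
    """
    identity = parse_outer_identity(packet)
    if identity is None:
        return None
    user, sep, realm = identity.rpartition("@")
    if not sep:                      # no '@': whole string is the user part
        user, realm = identity, ""
    return {
        "realm": realm,                                   # what proxies route on
        "routable": bool(realm),
        "user_exposed": user.lower() not in anonymous_users,
    }
```
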

"WPA Extended EAP" and "WPA2 Extended EAP"
How do those fit into this article? Are they different EAP methods altogether?

See:



85.97.254.28 (talk) 08:57, 5 May 2012 (UTC)

Those are Wi-Fi Alliance labels for the fact they are now testing the listed EAP methods as part of their WFA Wi-Fi branding. Davesnotthere (talk) 17:30, 28 February 2013 (UTC)

External links modified
Hello fellow Wikipedians,

I have just added archive links to one external link on Extensible Authentication Protocol. Please take a moment to review my edit. If necessary, add after the link to keep me from modifying it. Alternatively, you can add to keep me off the page altogether. I made the following changes:
 * Added archive https://web.archive.org/20090210002337/http://cisco.com:80/en/US/docs/wireless/wlan_adapter/eap_types/fast/admin/guide/FAST_admin.html to http://www.cisco.com/en/US/docs/wireless/wlan_adapter/eap_types/fast/admin/guide/FAST_admin.html

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Cheers.—cyberbot II  Talk to my owner :Online 14:07, 10 January 2016 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 2 external links on Extensible Authentication Protocol. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20131212085700/http://riosec.com/files/Open-Secure-Wireless.pdf to http://riosec.com/files/Open-Secure-Wireless.pdf
 * Added archive https://web.archive.org/web/20131126183610/http://riosec.com/open-secure-wireless-2.0 to http://riosec.com/open-secure-wireless-2.0

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 23:40, 9 May 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 5 external links on Extensible Authentication Protocol. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20080209200945/http://www.unstrung.com/document.asp?doc_id=41185 to http://www.unstrung.com/document.asp?doc_id=41185
 * Added archive https://archive.is/20130213070147/http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commit;h=065d2895b4693e8c923580dbfa31123297c8bb7d to http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba%3Dcommit%3Bh%3D065d2895b4693e8c923580dbfa31123297c8bb7d
 * Added archive https://archive.is/20140930045346/http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=8e5fdfabf69a7692d1a0d04f00fa103e9ff72010 to http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba%3Dcommitdiff%3Bh%3D8e5fdfabf69a7692d1a0d04f00fa103e9ff72010
 * Added archive https://archive.is/20140930045348/http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=b61e70c4f37837baf17956817f8d80a586f75770 to http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba%3Dcommitdiff%3Bh%3Db61e70c4f37837baf17956817f8d80a586f75770
 * Added archive https://web.archive.org/web/20071023234216/http://www.ietf.org/html.charters/emu-charter.html to http://www.ietf.org/html.charters/emu-charter.html

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 11:52, 26 September 2017 (UTC)

Add EAP registry numbers
Most communication and endpoint devices' configuration files use EAP registry numbers defined by IANA here.--imlibra925 (talk) 19:04, 30 April 2018 (UTC)

Possible vandalism - external links and references purged
I just noticed that the external references are not links to anything and there are no references on the page. This appears to have been done in an edit on February 19, 2018. Should this be reverted? I would think it should be, but since it's been present for four months, perhaps there is a reason why nobody has reverted it yet? Shamino (talk) 17:38, 20 June 2018 (UTC)

Is there a way to know if an equipment is implementing the EAP-PWD?
Thanks — Preceding unsigned comment added by Walidou47 (talk • contribs) 16:17, 11 February 2020 (UTC)