
  • Again, I think you are referring to TTLSv0 with this; TTLSv1 has had that same MiTM attack prevention since TTLSv1.

    EAP-TTLSv1 works in the same manner as EAP-TTLSv0 in that a TLS handshake is used to secure a
    subsequent AVP exchange. However, version 1 utilizes TLS with the Inner Application extension
    (TLS/IA). By having TLS/IA, EAP-TTLSv1 moves the exchange of inner AVPs from the TLS data
    phase into the TLS handshake. The new Inner Application extension to TLS (TLS/IA) was defined to
    carry inner AVPs within the handshake, thus making the TLS data phase free for other uses.
    Another benefit of TLS/IA is the secure exchange of the result of inner authentication. Inner
    authentication generates Session keys and the keys are mixed with the TLS master secret to produce an
    “inner secret”, exported by TLS/IA. The inner secret is used to generate the master session key (MSK)
    exported by EAP-TTLSv1 for protection of subsequent data transmission.

    From: http://brave.sr.unh.edu/sav/UNH-CS-TR-06-01.pdf
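
Added example, not part of the original post or of the quoted paper: a simplified model of why mixing the inner session key with the TLS master secret keeps a party that only terminated the tunnel from deriving the MSK. The PRF here is an HMAC-SHA256 stand-in, and the labels, key sizes and function names are assumptions, not the TLS/IA definitions.

```python
import hashlib
import hmac


def prf(secret: bytes, label: bytes, seed: bytes, n: int = 64) -> bytes:
    """Stand-in PRF (HMAC-SHA256, counter mode). NOT the TLS/IA PRF."""
    out, counter = b"", 1
    while len(out) < n:
        out += hmac.new(secret, label + seed + bytes([counter]),
                        hashlib.sha256).digest()
        counter += 1
    return out[:n]


def msk_unbound(master_secret: bytes, randoms: bytes) -> bytes:
    """MSK derived from the tunnel alone: no binding to inner authentication."""
    return prf(master_secret, b"msk (constructed label)", randoms)


def inner_secret(master_secret: bytes, inner_key: bytes, randoms: bytes) -> bytes:
    """Mix the inner method's session key with the TLS master secret."""
    return prf(master_secret, b"inner secret (constructed label)",
               randoms + inner_key, 48)


def msk_bound(master_secret: bytes, inner_key: bytes, randoms: bytes) -> bytes:
    """MSK derived from the inner secret, so it depends on both keys."""
    return prf(inner_secret(master_secret, inner_key, randoms),
               b"msk (constructed label)", randoms)


def simulate() -> dict:
    # Constructed sample values; a real exchange uses fresh random material.
    randoms = hashlib.sha256(b"constructed randoms").digest() * 2
    tunnel_master = hashlib.sha384(b"constructed master secret").digest()
    real_inner_key = hashlib.sha256(b"constructed inner session key").digest()

    # A relay that terminated the TLS tunnel knows tunnel_master, but the inner
    # session key exists only at the real client and the authentication server.
    relay_inner_guess = bytes(32)

    server_unbound = msk_unbound(tunnel_master, randoms)
    relay_unbound = msk_unbound(tunnel_master, randoms)
    server_bound = msk_bound(tunnel_master, real_inner_key, randoms)
    relay_bound = msk_bound(tunnel_master, relay_inner_guess, randoms)
    return {
        "relay_has_unbound_msk": hmac.compare_digest(server_unbound, relay_unbound),
        "relay_has_bound_msk": hmac.compare_digest(server_bound, relay_bound),
    }
```

The binding only adds protection when the inner method actually produces a session key, which is the case the quoted passage describes.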
