#9: Peer Identity Protection

> Section 3.4
>
> "When performing an EAP authentication, the peer may want to protect
> its identity, only disclosing its identity to a trusted backend
> authentication server. This helps to maintain the privacy of the
> peer's identity."
>
> Within tunneled authentication, there are a number of identities
> involved. This includes the identity included in the
> EAP-Request/Identity, identities used in TLS (subject and
> subjectAltName fields), and identities used in the inner EAP method.
> To which identities does this requirement apply?

Add "Peer identity protection provided by the tunnel method applies to tunnel methods and inner method specific identities."

> Section 4.2.1.4
>
> "A tunnel protocol MUST support peer privacy. This requires that the
> username and other attributes associated with the peer are not
> transmitted in the clear or to an unauthenticated, unauthorized
> party. If applicable, the peer certificate is sent confidentially
> (i.e. encrypted)."
>
> Does a username of "anonymous" need to be encrypted? Or does this
> requirement only apply to the tunnel method-specific identities?

Add "Peer identity protection provided by the tunnel method applies to tunnel methods and inner method specific identities."

> Is there an issue with transmission of identities to authenticated
> and authorized parties (e.g. the NAS)? In some regulatory
> jurisdictions this is also a concern.

[Joe] I don't think so. Either the NAS is authorized to receive the name or it isn't. If it terminates the tunnel then the tunnel method will authenticate it so it can be authorized. If it is outside the tunnel then it is out of scope of the method.

--
Ticket URL: <http://trac.tools.ietf.org/wg/emu/trac/ticket/9#comment:1>
emu <http://tools.ietf.org/wg/emu/>

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
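The identity split the ticket is asking about, as an added example that is not part of the ticket, the draft it reviews, or any EAP implementation: the peer answers the cleartext EAP-Request/Identity with a placeholder username (the "anonymous" convention from the question) plus its realm, so AAA proxies can still route, and sends its real NAI only inside the tunnel. The trace, message layout and function names (`outer_identity`, `run_tunneled_eap`, `outer_leaks_username`) are this example's own constructions; the NAI syntax is the "user@realm" form of RFC 7542. The final check is what a supplicant or test harness can assert to catch a misconfigured peer that puts the real username in the clear.

```python
import re
from dataclasses import dataclass, field

# RFC 7542 NAI: "user@realm" or a bare "user".  Constructed for this example;
# it does not handle decorated NAIs (home!user@realm) or IDN realms.
_NAI_RE = re.compile(r"^(?P<user>[^@]*)(?:@(?P<realm>[^@]+))?$")


def split_nai(nai):
    """Return (username, realm); realm is None when the NAI has none."""
    m = _NAI_RE.match(nai)
    if m is None:
        raise ValueError(f"malformed NAI: {nai!r}")
    return m.group("user"), m.group("realm")


def outer_identity(inner_nai, placeholder="anonymous"):
    """Identity for the cleartext EAP-Response/Identity (phase 1).

    The username is replaced by the placeholder; the realm is kept on
    purpose, because proxies need it to route to the home server.  Only
    the username is the protected identity, not the realm.
    """
    _, realm = split_nai(inner_nai)
    return placeholder if realm is None else f"{placeholder}@{realm}"


@dataclass
class Message:
    sender: str
    payload: dict
    protected: bool  # True once the message is carried inside the TLS tunnel


@dataclass
class TunnelTrace:
    """Constructed trace of one tunneled EAP run; not a real wire format."""
    messages: list = field(default_factory=list)

    def send(self, sender, protected=False, **payload):
        self.messages.append(Message(sender, payload, protected))


def run_tunneled_eap(inner_nai, inner_password, protect_outer=True):
    """Simulate the identity flow of a tunnel method.

    Phase 1 (outer) is visible to anyone on the path between peer and NAS;
    phase 2 (inner) is only visible to the party terminating the tunnel.
    protect_outer=False models a misconfigured supplicant that sends its
    real NAI in the clear.
    """
    trace = TunnelTrace()
    trace.send("nas", eap="Request/Identity")
    outer = outer_identity(inner_nai) if protect_outer else inner_nai
    trace.send("peer", eap="Response/Identity", identity=outer)
    # Tunnel established here; everything below is encrypted.
    trace.send("peer", protected=True, eap="Response/Identity", identity=inner_nai)
    trace.send("peer", protected=True, eap="Response/Password", password=inner_password)
    return trace


def cleartext_identities(trace):
    """Identities a passive observer between peer and NAS can read."""
    return [m.payload["identity"] for m in trace.messages
            if not m.protected and "identity" in m.payload]


def outer_leaks_username(inner_nai, trace):
    """Section 4.2.1.4 check: the real username never appears in the clear."""
    user, _ = split_nai(inner_nai)
    if not user:
        return False
    return any(split_nai(ident)[0] == user for ident in cleartext_identities(trace))


if __name__ == "__main__":
    good = run_tunneled_eap("alice@example.org", "correct horse")
    print("cleartext:", cleartext_identities(good), "leak:", outer_leaks_username("alice@example.org", good))
    bad = run_tunneled_eap("alice@example.org", "correct horse", protect_outer=False)
    print("cleartext:", cleartext_identities(bad), "leak:", outer_leaks_username("alice@example.org", bad))
```

Run stand-alone it prints one trace where only `anonymous@example.org` is visible in the clear and one where the real NAI leaks. The realm stays visible in both cases by design; whether the NAS or proxies that see it are "authorized" parties is the question Joe's reply answers.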