On Sun, 27 Aug 2023, at 10:57, Heikki Vatiainen wrote:
> Weren't the observed differences against RFC 7170 one of the main
> reasons why the draft was needed?

Exactly. In particular it was the use of the EAP-FAST-MSCHAPv2 key derivative (reversed upper/lower bits) that triggered this and the fun around Identity-Type-TLV and all those empty identities when Windows gets grumpy, ...

> "insider program" refers to this:
> https://www.microsoft.com/en-us/windowsinsider/about-windows-insider-program
>
> That is, it's a public program. No secret handshakes or such was needed to
> get access to TEAP functionality. I'd guess it's also the latest
> implementation of TEAP, not that I've seen information that there are
> differences between versions. Therefore it's likely the best Windows
> version to ensure testing is done against the latest version.

We even got a CVE/bounty for the TEAP work...

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21539

Triggered by bundling the inner EAP Identity request from the server with the outer TLS session establishment frame to save a round trip.

hostap looked to include a workaround for this (eap_teap_method_sequence) independently before it went public, guess he noticed Windows exploding too...

Should be all fine now with the optimisation...

Cheers