Hi,
On 2016-03-30 15:10, Tuure Vartiainen wrote:
> Hi,
>
>> On 30 Mar 2016, at 14:55, Hartmaier Alexander
>> <alexander.hartma...@t-systems.at> wrote:
>>
>> we use PEAP-TLS, EAP-PEAP as outer EAP type with EAP-TLS as inner.
>> Not sure if the outher EAP-PEAP adds any real security as the Radiator
>> cert is the same one for both types as it only hides the transmission of
>> the user cert which can be classified like a public key imho.
>>
> Ack.
Would you say that using PEAP-TLS for both wired and wireless auth is
overkill even when both are considered sniffable?
>
>> I've already tuned the EAPTLS_MaxFragmentSize to have as few roundtrips
>> as possible (1350 for the outer PEAP and 1300 for the inner EAP-TLS).
>>
> Yes, unfortunately beside that the only real option to minimize a delay of an
> EAP authentication is to
> minimize the round-trips either by sending less certificate data or
> by using an EAP method with fewer rounds.
>
>> You see how I calculate the response_time in my email yesterday.
>>
> $p->{RecvTime} is set with a time of receive when an Access-Request is
> received, so
>
> $message->{response_time} = Radius::Util::timeInterval(
> $p->{RecvTime},
> $p->{RecvTimeMicros}, Radius::Util::getTimeHires());
>
> will calculate a response time only for that Access-Request.
>
>
> When running Radiator with Trace 4 or 5, a total time for an EAP
> authentication can be seen in the log.
>
> E.g.
>
> Wed Mar 30 12:55:58 2016 816812: DEBUG: EAP Success, elapsed time 0.71221
>
> We’ll add a feature, which will allow the total time along with an on-demand
> timing to be used through %{...} special format in AuthLogs etc.
Thanks! Please inform me when it has landed in the patches.
>
>
> BR
BR
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be
privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
