Table of Contents
Advertisement
D-4 CB3000 Client Bridge User's Guide
Table D-1
summarizes the major differences between the protocols.
Software
Supported Client
Platforms
Authentication Server
Implementations by
Authentication
Methods
Protocol Operations
Basic Protocol Structure Establish TLS session
Fast Session Reconnect No
WEP Integration
PKI and Certificate Processing
Server Certificate
Client Certificate
Certificate Verification
Effect of Private Key
Compromise
Client and User Authentication
Table D-1. Detailed Comparison of TLS-based EAP Methods
TLS
(RFC 2716)
Linux, Mac OS X,
Windows 95/98/ME,
Windows NT/2000/
XP
Cisco, Funk, HP,
FreeRADIUS (open
source),
Meetinghouse,
Microsoft
Client certificates
and validate
certificates on both
client and server
Server can supply WEP key with external protocol (e.g. RADIUS
extension)
Required
Required
Through certificate chain or OCSP TLS extension (current Internet
draft)
Re-issue all server
and client certificates
EAP Type
TTLS
a
b
(Internet draft)
Linux, Mac OS X,
Windows 95/98/ME,
Windows NT/2000/
XP
Funk, Meetinghouse
Any
Two phases:
• Establish TLS
between client and
TTLS server
• Exchange attribute-
value pairs between
client and server
Yes
Required
Optional
Re-issue certificates for servers (and clients if
using client certificates in first TLS exchange)
PEAP
c
(Internet draft)
Windows XP
Cisco
Generic token card
Two parts:
• Establish TLS
between client and
PEAP server
• Run EAP exchange
over TLS tunnel
Yes
Required
Optional
Hide quick links:
Advertisement
Table of Contents
