Symbol CB3000 User Manual page 18

CB3000 Client Bridge User Guide
Table 1.1 summarizes the major differences between the protocols.
Table 1.1 Detailed Comparison of TLS-based EAP Methods

| EAP Type | TLS (RFC 2716) [a] | TTLS (Internet draft) [b] | PEAP (Internet draft) [c] |
|---|---|---|---|
| Software | | | |
| Supported Client Platforms | Linux, Mac OS X, Windows 95/98/ME, Windows NT/2000/XP | Linux, Mac OS X, Windows 95/98/ME, Windows NT/2000/XP | Windows XP |
| Authentication Server Implementations by | Cisco, Funk, HP, FreeRADIUS (open source), Meetinghouse, Microsoft | Funk, Meetinghouse | Cisco |
| Authentication Methods | Client certificates | Any | Generic token card |
| Protocol Operations | | | |
| Basic Protocol Structure | Establish TLS session and validate certificates on both client and server | Two phases: establish TLS between client and TTLS server; exchange attribute-value pairs between client and server | Two parts: establish TLS between client and PEAP server; run EAP exchange over TLS tunnel |
| Fast Session Reconnect | No | Yes | Yes |
| WEP Integration | Server can supply WEP key with external protocol (e.g. RADIUS extension) | Server can supply WEP key with external protocol (e.g. RADIUS extension) | Server can supply WEP key with external protocol (e.g. RADIUS extension) |
| PKI and Certificate Processing | | | |
| Server Certificate | Required | Required | Required |
| Client Certificate | Required | Optional | Optional |
| Certificate Verification | Through certificate chain or OCSP TLS extension (current Internet draft) | Through certificate chain or OCSP TLS extension (current Internet draft) | Through certificate chain or OCSP TLS extension (current Internet draft) |
| Effect of Private Key Compromise | Re-issue all server and client certificates | Re-issue certificates for servers (and clients if using client certificates in first TLS exchange) | Re-issue certificates for servers (and clients if using client certificates in first TLS exchange) |
| Client and User Authentication | | | |
| Authentication Direction | Mutual: Uses digital certificates both ways | Mutual: Certificate for server authentication, and tunneled method for client | Mutual: Certificate for server, and protected EAP method for client |
| Protection of User Identity Exchange | No | Yes; protected by TLS | Yes; protected by TLS |

a. TLS is secure, but the requirement for client certificates is too big a hurdle for most institutions to deal with.
b. TTLS, at least initially, is much more widely implemented than PEAP, and therefore has a slight convenience advantage over the comparable PEAP method.
c. PEAP uses the TLS channel to protect a second EAP exchange. PEAP is backed by Microsoft.
