eap Mailing List: Confidentiality of TLS keying information for wireless

Confidentiality of TLS keying information for wireless	<– Date –> <– Thread –>
From: Frank Akujobi (fakujobisce.carleton.ca)
Date: Mon, 9 Aug 2004 11:11:50 -0400 (EDT)

Hi,
I have a couple of questions concerning wireless clients using EAP-TLS
authentication against a radius server:

1. Are all the TLS session negotiations between supplicant (on the
client) and authenticator (AP) sent in the clear? In other words is there
any form of confidentiality for TLS keying information?

2. If there is none, what prevents a potential attacker from listening
in on TLS sessions and eventually gathering enough information (like the
session key and eventually WEP keys) to launch a man-in-the-middle attack?

Thanks,

Frank Akujobi, M.A.Sc.
Network Analyst
Computing and Communications Services
Carleton University
(613) 520-2600 x 2291

Confidentiality of TLS keying information for wireless Frank Akujobi, August 9 2004
- Re: Confidentiality of TLS keying information for wireless Bernard Aboba, August 9 2004
  - RE: Re: Confidentiality of TLS keying information for wireless Frank Akujobi, August 9 2004
    - RE: Re: Confidentiality of TLS keying information for wireless Bernard Aboba, August 10 2004
- RE: Confidentiality of TLS keying information for wireless Tschofenig Hannes, August 10 2004

Results generated by Tiger Technologies using MHonArc.

eap Mailing List
View Index by: Date - Thread - Author