On Tue, Nov 28, 2006 at 01:45:04PM +0100, Chris Viklund (LD/EAB) wrote:

> I was pondering through the code for wpa_supplicant (0.5.6) and I saw
> that when the identity is retrieved, in eap_sim_get_identity(), (for
> EAP-SIM at least), only the reauthentication or the pseudonym identity
> is returned. In the RFC for EAP-SIM in section 4.2.1.6 Format of the
> Permanent Username it is stated that the client should return a
> permanent identity based on the IMSI if the server requires it. Is there
> a reason for this being omitted in wpa_supplicant?

eap_sim_get_identity() is only used for updating the identity for
EAP-Response/Identity packet for re-authentication case. SIM/Start
message can still use pseudonym or permanent username (usually
IMSI-based) if the server requests it during EAP-SIM authentication.

In addition, in order to provide identity privacy, the peer could refuse
to answer with its permanent pseudonym if it has reason to believe that
the authentication server should know the current pseudonym or re-auth
identity. I don't think that wpa_supplicant enforces this, though.

Does this answer your question or have you observed behavior from
wpa_supplicant where it would not follow this correctly?

--
Jouni Malinen                                            PGP id EFC895FA
_______________________________________________
HostAP mailing list
HostAP shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
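
Added example, not part of the original message and not wpa_supplicant's code: a sketch of how a peer could choose the identity for the SIM/Start response from the server's request, including the refusal to reveal the IMSI-based identity that the reply says wpa_supplicant does not enforce. The struct, the function name, the `protect_permanent` switch and the sample values are assumptions made for illustration; the request names follow the AT_ANY_ID_REQ, AT_FULLAUTH_ID_REQ and AT_PERMANENT_ID_REQ attributes of RFC 4186.

```c
#include <stdio.h>
#include <string.h>

/* Identity request the server may place in EAP-Request/SIM/Start (RFC 4186):
 * AT_ANY_ID_REQ, AT_FULLAUTH_ID_REQ or AT_PERMANENT_ID_REQ. */
enum id_req { ID_REQ_NONE, ID_REQ_ANY, ID_REQ_FULLAUTH, ID_REQ_PERMANENT };

/* Hypothetical peer state; not wpa_supplicant's own data structure. */
struct sim_peer {
    const char *imsi;       /* read from the SIM */
    const char *pseudonym;  /* NULL when none is stored */
    const char *reauth_id;  /* NULL when none is stored */
    int protect_permanent;  /* privacy policy switch (assumption) */
};

/* Writes the AT_IDENTITY value to out. Returns 0 on success, -1 when the
 * privacy policy refuses to reveal the permanent identity, -2 when out is
 * too small. The "@realm" part of the username is left out for brevity. */
int sim_select_identity(const struct sim_peer *p, enum id_req req,
                        char *out, size_t len)
{
    const char *id = NULL;
    int n;

    if (req == ID_REQ_NONE) {           /* nothing requested: no AT_IDENTITY */
        if (len) out[0] = '\0';
        return 0;
    }
    if (req == ID_REQ_ANY && p->reauth_id)
        id = p->reauth_id;              /* fast re-authentication identity */
    else if (req != ID_REQ_PERMANENT && p->pseudonym)
        id = p->pseudonym;              /* full authentication, IMSI hidden */
    else if (req == ID_REQ_PERMANENT && p->protect_permanent &&
             (p->pseudonym || p->reauth_id))
        return -1;                      /* server should already know us */

    /* Permanent username for EAP-SIM is "1" followed by the IMSI. */
    n = id ? snprintf(out, len, "%s", id) : snprintf(out, len, "1%s", p->imsi);
    return (n < 0 || (size_t)n >= len) ? -2 : 0;
}

int main(void)
{
    /* Constructed sample values (test-network IMSI, made-up identities). */
    struct sim_peer p = { "001010123456789", "pseu-constructed", NULL, 1 };
    char buf[64];
    int rc = sim_select_identity(&p, ID_REQ_PERMANENT, buf, sizeof(buf));
    printf("permanent id request -> %s\n", rc == -1 ? "refused" : buf);
    return 0;
}
```

A caller that gets -1 would abort the exchange instead of answering, which keeps a party that merely claims to be the server from collecting IMSIs with a permanent identity request.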