Hi,
> I don't support the idea of making ttls the default eap type in FR
> mainline.
> That is at the wrong level.
well, looking at it from the wireless side, I'd say it's the right place
as such a method is more common than MD5 (peap and ttls are more prevalent)
and TTLS is the first supported method in e.g. 802.11u/HS2.0/passpoint - so
is more likely to be the choice of clients asking for EAP.
> The right place for this is in the moonshot code.
well, for moonshot the right thing is to NAK what the server offers and
go for TTLS.... that's in addition to the RADIUS side of things 8-)
(I'd prefer FR to be more secure out of the box.. NPS is after all... ;) )
alan