advertisement

Article:
  A Technical Comparison of TTLS and PEAP
Subject:   Clarifications
Date:   2003-04-18 09:44:23
From:   anonymous2
The article was a good start. There are some inaccuracies; and probably things have changed since the article was written.


I didn't see the advantages in TTLS claimed in the article.


This is what I found out which is different than mentioned in the article.


PEAP is authored by Cisco, MS, RSA.
PEAP seems to be available from more vendors than TTLS.
PEAP RADIUS servers are available from Microsoft, Funk, Meetinghouse (Windows and Linux), Cisco, Radiator.
PEAP clients are available on many systems including Win95/98/ME, NT, 2000/XP, Pocket PC 2002.

TTLS supports 3 choices for password authentication(PAP, CHAP, MSCHAPv2) and PEAP supports one (MSCHAPv2). I probably don't need three.


Cisco PEAP supports One-time-passwords. Microsoft PEAP supports passwords; and allows other vendors to provide EAP methods that work inside PEAP. TTLS supports passwords and one-time-passwords.


Microsoft PEAP supports authentication of machines or users. Machine verification seems useful in certain situations.

Main Topics Oldest First

Showing messages 1 through 2 of 2.

  • regarding TTLS : AVP's format
    2004-03-16 22:49:04  useme1 [Reply | View]

    Can you people please guide me on how to encapsulate PAP,CHAP,MS-CHAP messages in AVP formats.

    I am a new bee to this EAP-TLS and TTLS.

    Any useful documents or open source for the same would be of great help

    Much Thanks
  • Clarifications
    2003-05-16 14:39:46  anonymous2 [Reply | View]

    Hmmm... MSCHAPv2 which requires a database that supports MSCHAPv2 or passwords stored in plain-text. Therefore no authenticating PEAP to LDAP or SQL(unless sql database supports MSCHAPv2). That alone gives the edge to TTLS. There's a free TTLS client for W2k/XP from http://www.alfa-ariss.com