TLS 1.3 MUST NOT send its username in cleartext in the Identity Response. #98

Open
emanjon opened this issue Dec 15, 2021 · 0 comments

emanjon commented Dec 15, 2021

EAP-TLS 1.3 states

TLS 1.3 MUST NOT send its username in cleartext in the Identity Response.

Should clarify that this also applies if the identity is obtained in another fashion.

RFC 3748

       Identity Request is not required, and MAY be bypassed.  For
       example, the identity may not be required where it is determined
       by the port to which the peer has connected (leased lines,
       dedicated switch or dial-up ports), or where the identity is
       obtained in another fashion (via calling station identity or MAC
       address, in the Name field of the MD5-Challenge Response, etc.).

