• Scotty:

    I think we need to clarify that statement and we need to put it on the errata. The type of mutual authentication we focus on in the book is the type that discriminates against the authentication server (AS). However, there are other forms of mutual authentication, academically speaking.

    Bottom line is that an 802.1X/EAP transaction is used for authentication and it results in the derivation of a PMK (through these mutual exchanges). The process of generating the "seeding material" is mutually exclusive from any type of mutual "authentication". In other words, authentication happens based on whatever EAP type that is used; LEAP does not support mutual auth from the perspective we're interested in, but the other methods are at least capable of it.

    Therefore, the EAP type is really the mechanism that determines if mutual auth happens...or not. Then, upon successful completion of the EAP authentication, the PMK is derived. PMK = Seeding material for the dynamic encryption keying.

    Does that help?
