A Technical Comparison of TTLS and PEAP
Subject:   Funk Software RADIUS support MS-CHAP-V2 in Solaris
Date:   2003-10-04 09:40:16
From:   pppeterd
Response to: Funk Software RADIUS support MS-CHAP-V2 in Solaris

TTLS and PEAP are functionally similar. TTLS encodes data in RADIUS AVPs while PEAP is just another EAP session instead of a TLS (SSL) tunnel.

There are some opportunities for PEAP to be more secure than TTLS. The latest drafts establish a cryptographic binding between the TLS channel and the authentication protocol itself (for example MSCHAPv2), making some man-in-the-middle attacks harder to pull off.

Anyway, lots of RADIUS servers are starting to support PEAP and/or TTLS: SBR, Interlink, RadiusNT/X, Radiator, etc. PEAP's big advantage in the market can be summed up with one word: "Microsoft". There are client options for TTLS, and some of them may be free, but it boils down to some 90 something percent of clients running a MS operating system who already have the required software installed.