A well-known point on EAP-TLS is that the EAP-Identity message from (let's say) a workstation is exposed in the clear and any packet capture can pick this up.
How does this affect organisations deploying EAP-TLS, and are there any recommended mitigation techniques to use?
If you are using EAP-TLS and Active Directory, this machine name could be in the CN, SAN comparison from the Cisco ACS to the AD DC, so it could be a problem? Not sure?
But the underlying certificate exchange is the real security method here, correct? So should I not worry about this?
Many thanks and kind regards,