I'm looking into WPA, how it works, why it works, why it better than WEP, etc.
Now, for the authentication with authentication-servers, the EAP protocol is used. There are different varieties of EAP. As far as i can tell, in the EAP
handshake with the server (NOT the EAP 4-way handshake for key generation!)
the identity of the requester is sent in plain-text, unless EAP-TLS is used.
Can anyone confirm this, or am I missing something here?