PPTP/MPPE + Smartcards/EAP-TLS: Security?
From: Alex (crolyon@hotmail.com)
Date: 11/27/02
- Next message: WebcamMan: "Re: Internet Surfing History"
- Previous message: John C: "Server Admin rights"
- Next in thread: S. Pidgorny [MVP]: "Re: PPTP/MPPE + Smartcards/EAP-TLS: Security?"
- Reply: S. Pidgorny [MVP]: "Re: PPTP/MPPE + Smartcards/EAP-TLS: Security?"
From: crolyon@hotmail.com (Alex)
Date: 27 Nov 2002 09:45:29 -0800
Hello everyone,
I am just wondering if anyone else has tried to analyze this.
- MPPE even with 128 bit keys in combination with MS-CHAP v1 or v2 has
some security flaws - the main weakness being the fact that the
master-keys for encryption are generated using the User's password.
This fact remains, although the generation process is pretty
complicated. Weak passwords make this system insecure.
- If combined with EAP-TLS, MPPE's master-keys are generated from the
so-called master-secret, which was generated by the EAP-Server and
then sent in a secure way (using public-key mechanisms) from the
EAP-server to the client during the mutual authentication with TLS. No
weak password here.
(for details, take a look at RFC 3079 :-))
My conclusion:
TLS is regarded to be secure as far as I know. Thus the main weakness
of MPPE is solved by not using MS-CHAP but Smartcards. This means if I
already have a PKI and use Smartcards for Kerberos-Authentication with
W2k/XP I can create a pretty secure VPN with a Windows 2000 RRAS using
PPTP/MPPE 128 bit and EAP-TLS, right? ... and don't have to worry
about not being able to use NAT at all (as with IPSec/IKE
NAT-Traversal when using L2TP/IPSec now).
A solution with 1 RAS-Rule that permits PPTP _only_ in combination
with Smartcards and another Rule for L2TP/IPSec that also maybe allows
MS-CHAP v2 seems to be ideal, if you generally want to use the better
L2TP/IPSec and PPTP just where NAT-Traversal is needed... at least
until .NET
Any comments, thoughts, input is greatly appreciated :-)
Alex