IETF-69 EAP Method Update (EMU) Chair: Joseph Salowey

Upload: aretha-massey

Post on 31-Dec-2015

Agenda

• Administrivia (5 min)
  – Note takers, blue sheets, agenda bashing
• Document Status (20 min)
  – EAP-TLS (5 min)
  – EAP-GPSK (15 min)
• IEEE Liaison Request (20 min)
• Password based method (75 min)
  – Requirements (10 min)
  – PP-EAP - draft-zhou-emu-pp-eap-01.txt (20 min)
  – EAP-TTLS - draft-funk-eap-ttls-v0-01.txt (20 min)
  – Discussion (25 min)

Document Status

• EAP-TLS
  – Ready to go to IESG
• EAP-GPSK - Some open comments
  – Use of encryption before cipher negotiated
  – Possible DoS of client issue
  – Should be able to resolve these soon with security consideration additions

IEEE 802.11u Liaison Request

• https://datatracker.ietf.org/documents/LIAISON/file441.doc

• This is a liaison request to the IETF EAP Method Update working group for a recommendation of an EAP method for use with emergency calls

Password Based Method Requirements (page 1)

1. Transport of encrypted password for support of legacy password databases (REQUIRED)
2. Mutual authentication (specifically authentication of the server) (REQUIRED)
3. Resistance to offline dictionary attacks, man-in-the-middle attacks (REQUIRED)
4. Compliance with RFC 3748, RFC 4017 and EAP keying (including EMSK and MSK generation) (REQUIRED)
5. Peer identity confidentiality (REQUIRED)
6. Crypto agility and ciphersuite negotiation (REQUIRED)

Password Based Method Requirements (Cont’d)

7. Session resumption (no password needed) (REQUIRED)
8. Fragmentation and reassembly (REQUIRED)
9. Cryptographic binding (REQUIRED if additional inner mechanisms are supported)
10. Password/PIN change (DESIRABLE)
11. Transport Channel binding data (REQUIRED)
12. Protected result indication (REQUIRED)
13. Support for certificate validation protocols (DESIRABLE)
14. Extension mechanism (in support of 10 - 12) (REQUIRED)

Base Proposals

• EAP-PP
  – draft-zhou-emu-pp-eap-01.txt
• EAP-TTLS
  – draft-funk-eap-ttls-v0-01.txt

Discussion