ietf-69 eap method update (emu)
IETF-69 EAP Method Update (EMU)
Chair: Joseph Salowey
Agenda
• Administrivia (5 min)
  – Note takers, blue sheets, agenda bashing
• Document Status (20 min)
  – EAP-TLS (5 min)
  – EAP-GPSK (15 min)
• IEEE Liaison Request (20 min)
• Password based method (75 min)
  – Requirements (10 min)
  – PP-EAP – draft-zhou-emu-pp-eap-01.txt (20 min)
  – EAP-TTLS – draft-funk-eap-ttls-v0-01.txt (20 min)
  – Discussion (25 min)
Document Status
• EAP-TLS – Ready to go to IESG
• EAP-GPSK – Some open comments
  – Use of encryption before cipher negotiated
  – Possible DoS of client issue
  – Should be able to resolve these soon with security consideration additions
IEEE 802.11u Liaison Request
• https://datatracker.ietf.org/documents/LIAISON/file441.doc
• This is a liaison request to the IETF EAP Method Update working group for a recommendation of an EAP method for use with emergency calls
Password Based Method Requirements (page 1)
• 1. Transport of encrypted password for support of legacy password databases (REQUIRED)
• 2. Mutual authentication (specifically authentication of the server) (REQUIRED)
• 3. Resistance to offline dictionary attacks, man-in-the-middle attacks (REQUIRED)
• 4. Compliance with RFC 3748, RFC 4017 and EAP keying (including EMSK and MSK generation) (REQUIRED)
• 5. Peer identity confidentiality (REQUIRED)
• 6. Crypto agility and ciphersuite negotiation (REQUIRED)
Password Based Method Requirements (Cont’d)
• 7. Session resumption (no password needed) (REQUIRED)
• 8. Fragmentation and reassembly (REQUIRED)
• 9. Cryptographic binding (REQUIRED if additional inner mechanisms are supported)
• 10. Password/PIN change (DESIRABLE)
• 11. Transport Channel binding data (REQUIRED)
• 12. Protected result indication (REQUIRED)
• 13. Support for certificate validation protocols (DESIRABLE)
• 14. Extension mechanism (in support of 10 - 12) (REQUIRED)
Base Proposals
• EAP-PP – draft-zhou-emu-pp-eap-01.txt
• EAP-TTLS – draft-funk-eap-ttls-v0-01.txt
Discussion