1 / 8

IETF-69 EAP Method Update (EMU)

IETF-69 EAP Method Update (EMU). Chair: Joseph Salowey. Agenda. Administrivia (5 min) Note takers, blue sheets, agenda bashing Document Status (20 min) EAP-TLS (5 min) EAP-GPSK (15 min) IEEE Liaison Request (20 min) Password based method (75 min) Requirements (10 min) PP-EAP

Download Presentation

IETF-69 EAP Method Update (EMU)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IETF-69EAP Method Update(EMU) Chair: Joseph Salowey

  2. Agenda • Administrivia (5 min) • Note takers, blue sheets, agenda bashing • Document Status (20 min) • EAP-TLS (5 min) • EAP-GPSK (15 min) • IEEE Liaison Request (20 min) • Password based method (75 min) • Requirements (10 min) PP-EAP • draft-zhou-emu-pp-eap-01.txt (20 min) • EAP-TTLS - draft-funk-eap-ttls-v0-01.txt (20 min) • Discussion (25 min)

  3. Document Status • EAP-TLS – Ready to go to IESG • EAP-GPSK -- Some open comments • Use of encryption before cipher negotiated • Possible DOS of client issue • Should be able to resolve these soon with security consideration additions

  4. IEEE 802.11u Liaison Request • https://datatracker.ietf.org/documents/LIAISON/file441.doc • This is a liason request to the IETF EAP method update working group for a recommendation of an EAP method for use with emergency calls

  5. Password Based Method Requirements (page 1) • 1. Transport of encrypted password for support of legacy password • databases (REQUIRED) • 2. Mutual authentication (specifically authentication of the server) • (REQUIRED) • 3. resistance to offline dictionary attacks, man-in-the-middle attacks • (REQUIRED) • 4. Compliance with RFC 3748, RFC 4017 and EAP keying (including EMSK and • MSK generation) (REQUIRED) • 5. Peer identity confidentiality (REQUIRED) • 6. Crypto agility and ciphersuite negotiation (REQUIRED)

  6. Password Based Method Requirements (Cont’d) • 7. Session resumption (no password needed) (REQUIRED) • 8. Fragmentation and reassembly (REQUIRED) • 9. Cryptographic binding (REQUIRED if additional inner mechanisms are • supported) • 10. Password/PIN change (DESIRABLE) • 11. Transport Channel binding data (REQUIRED) • 12. Protected result indication (REQUIRED) • 13. Support for certificate validation protocols (DESIRABLE) • 14. Extension mechanism (in support of 10 - 12) (REQUIRED)

  7. Base Proposals • EAP-PP • draft-zhou-emu-pp-eap-01.txt • EAP-TTLS • draft-funk-eap-ttls-v0-01.txt

  8. Discussion

More Related