IETF-69 EAP Method Update (EMU)
Chair: Joseph Salowey
Agenda
• Administrivia (5 min)
  • Note takers, blue sheets, agenda bashing
• Document Status (20 min)
  • EAP-TLS (5 min)
  • EAP-GPSK (15 min)
• IEEE Liaison Request (20 min)
• Password based method (75 min)
  • Requirements (10 min)
  • PP-EAP - draft-zhou-emu-pp-eap-01.txt (20 min)
  • EAP-TTLS - draft-funk-eap-ttls-v0-01.txt (20 min)
  • Discussion (25 min)
Document Status
• EAP-TLS – Ready to go to IESG
• EAP-GPSK -- Some open comments
  • Use of encryption before cipher negotiated
  • Possible DoS of client issue
  • Should be able to resolve these soon with security consideration additions
IEEE 802.11u Liaison Request
• https://datatracker.ietf.org/documents/LIAISON/file441.doc
• This is a liaison request to the IETF EAP Method Update working group for a recommendation of an EAP method for use with emergency calls
Password Based Method Requirements (page 1)
1. Transport of encrypted password for support of legacy password databases (REQUIRED)
2. Mutual authentication (specifically authentication of the server) (REQUIRED)
3. Resistance to offline dictionary attacks, man-in-the-middle attacks (REQUIRED)
4. Compliance with RFC 3748, RFC 4017 and EAP keying (including EMSK and MSK generation) (REQUIRED)
5. Peer identity confidentiality (REQUIRED)
6. Crypto agility and ciphersuite negotiation (REQUIRED)
Password Based Method Requirements (Cont’d)
7. Session resumption (no password needed) (REQUIRED)
8. Fragmentation and reassembly (REQUIRED)
9. Cryptographic binding (REQUIRED if additional inner mechanisms are supported)
10. Password/PIN change (DESIRABLE)
11. Transport Channel binding data (REQUIRED)
12. Protected result indication (REQUIRED)
13. Support for certificate validation protocols (DESIRABLE)
14. Extension mechanism (in support of 10 - 12) (REQUIRED)
Base Proposals
• EAP-PP
  • draft-zhou-emu-pp-eap-01.txt
• EAP-TTLS
  • draft-funk-eap-ttls-v0-01.txt