120 likes | 372 Views
The EAP-PSK Protocol: a Pre-Shared Key EAP Method. <draft-bersani-eap-psk-07.txt> F. Bersani , H. Tschofenig. Timeline. -00. -07/ -08. Archie-00. -03. -09. -01. Archie-01. -04/ -05/ -06. IETF-64. -02. Note: EAP Archie was developed by Jesse Walker and Russ Housley
E N D
The EAP-PSK Protocol: a Pre-Shared Key EAP Method <draft-bersani-eap-psk-07.txt> F. Bersani, H. Tschofenig
Timeline -00 -07/ -08 Archie-00 -03 -09 -01 Archie-01 -04/ -05/ -06 IETF-64 -02 • Note: • EAP Archie was developed by Jesse Walker and Russ Housley • EAP Archie was turned into EAP-PSK
EAP-PSK • Pre-Shared Key • Features: • Only symmetric cryptography • Protected channel + Protected Ciphersuite Negotiation • NO DoS resistance (not needed) • NO Fast Reconnect (not needed) • NO Channel Binding (waiting for resolution) • NO user identity confidentiality • NO fragmentation (not needed)
Status • Review by Jesse Walker • Resolutions available • http://www.tschofenig.com:8080/eap-psk/ • Implementation available
EAP-IKEv2 <draft-tschofenig-eap-ikev2-07.txt> Hannes Tschofenig, Dirk Kroeselberg Yoshi Ohba, Florent Bersani
Timeline -00 -02 -04 -06 -07 -01 -03 -05 IETF-64
EAP-IKEv2 (1/2) • Reuses • IKEv2 authentication, session key establishment, and protection mechanisms • packet formats and work done on IKEv2 • Flexible (as IKEv2), i.e., supports • Symmetric (pre-shared key) techniques • Asymmetric (cert-based) techniques • Hybrid (pre-shared key from client and public key from server)
EAP-IKEv2 (2/2) • Additional features • Fast reconnect • Fragmentation • Channel binding • Active user identity confidentiality for the EAP peer (in certain modes) • Perfect forward secrecy • Establishment of a protected channel
Status • Expert review by Pasi Eronen suggested a number of improvements • Update work in progress • Implementation work ongoing