1 / 11

The EAP-PSK Protocol: a Pre-Shared Key EAP Method

The EAP-PSK Protocol: a Pre-Shared Key EAP Method. <draft-bersani-eap-psk-07.txt> F. Bersani , H. Tschofenig. Timeline. -00. -07/ -08. Archie-00. -03. -09. -01. Archie-01. -04/ -05/ -06. IETF-64. -02. Note: EAP Archie was developed by Jesse Walker and Russ Housley

eytan
Download Presentation

The EAP-PSK Protocol: a Pre-Shared Key EAP Method

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The EAP-PSK Protocol: a Pre-Shared Key EAP Method <draft-bersani-eap-psk-07.txt> F. Bersani, H. Tschofenig

  2. Timeline -00 -07/ -08 Archie-00 -03 -09 -01 Archie-01 -04/ -05/ -06 IETF-64 -02 • Note: • EAP Archie was developed by Jesse Walker and Russ Housley • EAP Archie was turned into EAP-PSK

  3. EAP-PSK • Pre-Shared Key • Features: • Only symmetric cryptography • Protected channel + Protected Ciphersuite Negotiation • NO DoS resistance (not needed) • NO Fast Reconnect (not needed) • NO Channel Binding (waiting for resolution) • NO user identity confidentiality • NO fragmentation (not needed)

  4. Status • Review by Jesse Walker • Resolutions available • http://www.tschofenig.com:8080/eap-psk/ • Implementation available

  5. EAP-IKEv2 <draft-tschofenig-eap-ikev2-07.txt> Hannes Tschofenig, Dirk Kroeselberg Yoshi Ohba, Florent Bersani

  6. Timeline -00 -02 -04 -06 -07 -01 -03 -05 IETF-64

  7. EAP-IKEv2 (1/2) • Reuses • IKEv2 authentication, session key establishment, and protection mechanisms • packet formats and work done on IKEv2 • Flexible (as IKEv2), i.e., supports • Symmetric (pre-shared key) techniques • Asymmetric (cert-based) techniques • Hybrid (pre-shared key from client and public key from server)

  8. EAP-IKEv2 (2/2) • Additional features • Fast reconnect • Fragmentation • Channel binding • Active user identity confidentiality for the EAP peer (in certain modes) • Perfect forward secrecy • Establishment of a protected channel

  9. Status • Expert review by Pasi Eronen suggested a number of improvements • Update work in progress • Implementation work ongoing

  10. Questions?

  11. EAP-PSK Overview

More Related