Background and Introduction

Outline
• History
• Scope
• Administrative

History 1/4
• Recent interest in using EAP in various IETF WGs
• Traditional, network access-related use in PPP, PANA (and IEEE of course)
• VPN usage in IKEv2
• Other kinds of use or proposals in MIP6, DHC, NSIS, ISMS, EAP Multi-Hop Bar BoF, …
• Some of this usage may be outside originally intended application of EAP

History 2/4
• EAP co-chairs and ADs were interested in this
• What’s the problem?
• Why are we seeing such an interest?
• What’s the right solution?
• Trying to take a step back and analyze the situation

History 3/4
• Deployment problems for security
• Effort needed in set-up too much for some cases
• Initial plans for security are often (too?) ambitious
• In many cases most of the cost in security is in deployment
• Example: calculate the investment to upgrade all GSM SIM cards to new ones -- N = 1.5G, process cost per unit ~ 20$
• Increased number of roaming, mobile users
• Cannot rely on local shared secrets
• Technical problems in some of the solutions for securing our protocols

History 4/4
• Functional growth in the IP layer
• IPv6 ND does more than ARP
• Mobility mechanisms and optimizations
• Network access functions
• The requirements for security are higher
• ...
• These issues have led people to look for reuse of security that already exists for other purposes
• Don’t have to deploy new credentials
• Don’t have to invent new protocols

Some Concrete Examples...
• DHCP typically not secured, although security solutions exist for it
• Original IPv6 ND security had technical and deployment problems -- later replaced by SEND (but no deployment experience yet)
• Mobile IPv6 requires strong security between home agents and mobile nodes; setting this up has proved challenging in practice -- also unable to use existing shared secrets in AAA

Scope for the BoF
• Talk about the needs (the problem) in the various WGs
• Talk about the different potential solutions (at a high level, no bits)
• Goals of this BoF are primarily educational:
• We learn more about the problems
• We learn more about the solutions
• Find others who have the same problems

Non-Scope for the BoF
• Start protocol work -- this is a one-time discussion forum
• Take work over from WGs -- the relevant WGs have the responsibility to develop their own solutions
• Argue about EAP applicability rules -- we will mention these but try to focus on high-level solution alternatives rather than a single protocol