
Background and Introduction


havener

Presentation Transcript


  1. Background and Introduction

  2. Outline
     • History
     • Scope
     • Administrative

  3. History 1/4
     • Recent interest in using EAP in various IETF WGs
     • Traditional, network access-related use in PPP, PANA (and IEEE of course)
     • VPN usage in IKEv2
     • Other kinds of use or proposals in MIP6, DHC, NSIS, ISMS, EAP Multi-Hop Bar BoF, …
     • Some of this usage may be outside originally intended application of EAP

  4. History 2/4
     • EAP co-chairs and ADs were interested in this
     • What’s the problem?
     • Why are we seeing such an interest?
     • What’s the right solution?
     • Trying to take a step back and analyze the situation

  5. History 3/4
     • Deployment problems for security
     • Effort needed in set-up too much for some cases
     • Initial plans for security are often (too?) ambitious
     • In many cases most of the cost in security is in deployment
     • Example: calculate the investment to upgrade all GSM SIM cards to new ones -- N = 1.5G, process cost per unit ~ 20$
     • Increased number of roaming, mobile users
     • Cannot rely on local shared secrets
     • Technical problems in some of the solutions for securing our protocols

  6. History 4/4
     • Functional growth in the IP layer
     • IPv6 ND does more than ARP
     • Mobility mechanisms and optimizations
     • Network access functions
     • The requirements for security are higher
     • ...
     • These issues have led people to look for reuse of security that already exists for other purposes
     • Don’t have to deploy new credentials
     • Don’t have to invent new protocols

  7. Some Concrete Examples...
     • DHCP typically not secured, although security solutions exist for it
     • Original IPv6 ND security had technical and deployment problems -- later replaced by SEND (but no deployment experience yet)
     • Mobile IPv6 requires strong security between home agents and mobile nodes; setting this up has proved challenging in practice -- also unable to use existing shared secrets in AAA

  8. Scope for the BoF
     • Talk about the needs (the problem) in the various WGs
     • Talk about the different potential solutions (at a high level, no bits)
     • Goals of this BoF are primarily educational:
     • We learn more about the problems
     • We learn more about the solutions
     • Find others who have the same problems

  9. Non-Scope for the BoF
     • Start protocol work -- this is a one-time discussion forum
     • Take work over from WGs -- the relevant WGs have the responsibility to develop their own solutions
     • Argue about EAP applicability rules -- we will mention these but try to focus on high-level solution alternatives rather than a single protocol
