EAP-IKEv2 review, Pasi Eronen. EAP WG, IETF 63, August 2, 2005.

Presentation transcript:

Slide 1: EAP-IKEv2 review, Pasi Eronen

Slide 2: Summary
- I like the overall approach, but the protocol is not even close to being ready yet
  – Many details missing
  – In some places it’s pretty obvious the protocol just can’t work as described

Slide 3: Mostly fixed in -07
- Inaccurate comparison to EAP-TLS
  – EAP-TLS is essentially carrying TLS messages inside EAP messages (instead of TCP)
  – The messages are still valid TLS messages
- EAP-IKEv2 is not carrying IKEv2 inside EAP
  – It’s a new protocol whose messages resemble IKEv2 a lot, but they’re not valid IKEv2 messages
  – Both syntax and semantics are different

Slide 4: Examples of missing or broken things
- The fragmentation text assumes we can simply split a message into N fragments and send them
  – But EAP is a “lock-step” protocol: the description of how fragments are ACK’d is missing
- It’s not specified how authenticating both parties using a shared secret works
  – And no, “same way as in IKEv2” is not the right answer in this case…
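The lock-step point above, as an added example that is not part of the presentation or of the EAP-IKEv2 draft: a small Python model in which the authenticator may have only one EAP Request outstanding, so a large method message has to go out one fragment per Request, with the peer’s empty Response serving as the ACK. The M (“more fragments”) flag is borrowed from EAP-TLS framing as an assumption; it is not something EAP-IKEv2 defines.

```python
from typing import List, Optional, Tuple

FLAG_M = 0x40  # "more fragments follow" bit, as in EAP-TLS framing (assumed here)
Fragment = Tuple[int, bytes]  # (flags, payload)

def fragment(message: bytes, mtu: int) -> List[Fragment]:
    """Split a method message into MTU-sized fragments, setting M on all but the last."""
    chunks = [message[i:i + mtu] for i in range(0, len(message), mtu)] or [b""]
    return [(FLAG_M if i < len(chunks) - 1 else 0, c) for i, c in enumerate(chunks)]

class LockStepChannel:
    """Models EAP's rule that only one Request may be outstanding at a time."""
    def __init__(self) -> None:
        self.outstanding = False
        self.buf = bytearray()

    def request(self, frag: Fragment) -> Optional[bytes]:
        # The EAP layer refuses a new Request while the previous one is unanswered.
        if self.outstanding:
            raise RuntimeError("EAP is lock-step: Request sent before previous Response")
        self.outstanding = True
        flags, data = frag
        self.buf += data
        if flags & FLAG_M:
            return None  # peer must answer with an empty Response (ACK) first
        return bytes(self.buf)  # last fragment: message fully reassembled

    def respond(self) -> None:
        self.outstanding = False  # peer's Response (ACK or next message) frees the slot

def send_lockstep(message: bytes, mtu: int) -> Optional[bytes]:
    """One fragment per Request, each waiting for the peer's Response: this works."""
    ch, result = LockStepChannel(), None
    for frag in fragment(message, mtu):
        result = ch.request(frag)
        ch.respond()
    return result

def send_naive(message: bytes, mtu: int) -> bool:
    """Send all fragments back-to-back as the draft text assumes; True if rejected."""
    ch = LockStepChannel()
    try:
        for frag in fragment(message, mtu):
            ch.request(frag)
    except RuntimeError:
        return True  # lock-step violated as soon as a second fragment is sent
    return False
```

The naive sender fails on its second fragment, which is exactly the gap the slide points at: a fragmentation scheme for an EAP method has to say how each fragment is acknowledged before the next one can be sent.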

Slide 5: Examples of missing or broken things (cont.)
- Fast reconnect: the 1st message is encrypted by the server… but how does the server know which key to use?
  – Several possible solutions exist, but none of them is described in the document
- Not described what happens if fast reconnect fails because the client has forgotten the SA
- Channel bindings are not specified in a way that would allow interoperable implementations
  – If this document doesn’t say what the payloads contain, it must provide a normative reference

Slide 6: Next steps
- Finish the protocol
  – Significant amount of both technical and editorial work needed