Presentation is loading. Please wait.

Presentation is loading. Please wait.

IETF-70 EAP Method Update (EMU)

Published byElisabeth Brooks Modified over 5 years ago

Similar presentations

Presentation on theme: "IETF-70 EAP Method Update (EMU)"— Presentation transcript:

1 IETF-70 EAP Method Update (EMU)
Chair: Joe Salowey

2 Agenda 1. Administrivia (5 min) 2. Draft updates (10 min)
3. Charter Discussion (40 min) 4. Tunneling Method presentations (30 min) - EAP-TTLS (15 min) (Steve Hanna) - EAP-FAST (15 min) (Gene Chang) 5. Tunneling methods Requirements Discussion (60 min)

3 Charter Update

4 Charter Revision Summary
Add charter item for tunnel EAP method Modify password based item to make use of tunnel method Modify "enhanced TLS" item to focus on adding channel bindings to a TLS based mechanism Updated milestones Include requirements draft milestone

5 Charter Update - A mechanism to support extensible communication within a TLS protected tunnel to support meeting the requirements of an enhanced TLS mechanism, a password based authentication mechanism, and to support additional inner authentication mechanisms. This mechanism must be capable of supporting channel bindings.

6 Charter Update Cont. - Enhanced functionality to enable a TLS-based EAP method to support channel bindings. So as to enable RFC 2716bis to focus solely on clarifications to the existing protocol, this effort will be handled in a separate document. This item should not generate a separate method rather it should be based on EAP-TLS or the TLS based tunnel method in preceding deliverable.

7 Charter Update Cont. - A mechanism that makes use of existing password databases such as AAA databases. This item will make use of the above tunnel method.

8 Charter Milestones Dec 2007 Submit Strong Shared Secret Mechanism to IESG Feb 2008 Tunnel Method requirements first draft submitted May 2008 Tunnel Method first draft submitted June 2008 Submit Password method extensions to tunnel method June 2008 Submit Extended TLS method extensions to tunnel method Mar 2009 Submit Tunnel Method to IESG Apr 2009 Submit Enhanced EAP-TLS to IESG Apr 2009 Submit Password based method to IESG

9 Tunnel Method Presentations

10 Tunnel Method Requirements

11 Requirements Areas 1. Changes to current requirements (required to meet 3748, 4017, eap keying etc.) 2. Tunneling EAP methods for authentication (eg, chaining, result indication, etc.) 3. Additional data that needs to be tunneled (channel binding, etc.) 4. Extensibility 5. Additional requirements for the tunnel itself

12 Requirements from Password Method
1. Transport of encrypted password for support of legacy password databases (REQUIRED) 2. Mutual authentication (specifically authentication of the server) (REQUIRED) 3. resistance to offline dictionary attacks, man-in-the-middle attacks 4. Compliance with RFC 3748, RFC 4017 and EAP keying (including EMSK and MSK generation) (REQUIRED) 5. Peer identity confidentiality (REQUIRED) 6. Crypto agility and ciphersuite negotiation (REQUIRED) 7. Session resumption (no password needed) (REQUIRED) 8. Fragmentation and reassembly (REQUIRED) 9. Cryptographic binding (REQUIRED if additional inner mechanisms are supported) 10. Password/PIN change (DESIRABLE) 11. Transport Channel binding data (REQUIRED) 12. Protected result indication (REQUIRED) 13. Support for certificate validation protocols (DESIRABLE) 14. Extension mechanism (in support of ) (REQUIRED)

13 Charter Update All mechanisms standardized by this group must meet RFC 3748, RFC 4017, and EAP keying requirements (pending RFC status). This group is chartered to work on the following types of mechanisms:

14 Charter Update

15 Requirements TLS community review Privacy Protection of EAP headers
Internationalization must be consistent with NAI, human typed passwords, and prompts. Consider errors and other indications. Constrained devices

Download ppt "IETF-70 EAP Method Update (EMU)"

Similar presentations

EAP Scenarios and 802.1af Joseph Salowey 1/12/2006.

EAP Scenarios and 802.1af Joseph Salowey 1/12/2006.
EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.

EAP AKA Jari Arkko, Ericsson Henry Haverinen, Nokia.
July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16, 2003 1300 - 1500.

July 16, 2003AAA WG, IETF 571 AAA WG Meeting IETF 57 Vienna, Austria Wednesday, July 16,
NEA Working Group IETF meeting Nov 17, 2011 IETF 82 - NEA Meeting1.

NEA Working Group IETF meeting Nov 17, 2011 IETF 82 - NEA Meeting1.
EAP Mutual Cryptographic Binding draft-ietf-karp-ops-model-03 draft-ietf-karp-ops-model-03 S. Hartman M. Wasserman D. Zhang.

EAP Mutual Cryptographic Binding draft-ietf-karp-ops-model-03 draft-ietf-karp-ops-model-03 S. Hartman M. Wasserman D. Zhang.
Eugene Chang EMU WG, IETF 70

Eugene Chang EMU WG, IETF 70
EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA.

EMU BOF EAP Method Requirements Bernard Aboba Microsoft Thursday, November 10, 2005 IETF 64, Vancouver, CA.
EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.
IETF Trade WG Adelaide, South Australia 29 March 2000 Donald E. Eastlake, 3rd

IETF Trade WG Adelaide, South Australia 29 March 2000 Donald E. Eastlake, 3rd
EAP Keying Problem Draft-aboba-pppext-key-problem-03.txt Bernard Aboba

EAP Keying Problem Draft-aboba-pppext-key-problem-03.txt Bernard Aboba
Doc.: IEEE 802.11-01/495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.
EAP Method Update (EMU) IETF-79 Chairs Joe Salowey Alan DeKok.

EAP Method Update (EMU) IETF-79 Chairs Joe Salowey Alan DeKok.
Doc.: IEEE 802.11-13/0862r0 Submission July 2013 Dorothy Stanley, Aruba NetworksSlide 1 IEEE 802.11-IETF Liaison Report Date: 2013-07-17 Authors:

Doc.: IEEE /0862r0 Submission July 2013 Dorothy Stanley, Aruba NetworksSlide 1 IEEE IETF Liaison Report Date: Authors:
PAWS Protocol to Access White Space DB IETF 81 Gabor Bajko, Brian Rosen.

PAWS Protocol to Access White Space DB IETF 81 Gabor Bajko, Brian Rosen.
EAP Method Update (EMU) IETF-80 Chairs: Joe Salowey Alan DeKok.

EAP Method Update (EMU) IETF-80 Chairs: Joe Salowey Alan DeKok.
November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.

November 2005IETF 64, Vancouver, Canada1 EAP-POTP The Protected One-Time Password EAP Method Magnus Nystrom, David Mitton RSA Security, Inc.
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-10-0029-00-0Sec Title: Considerations on use of TLS for MIH protection Date Submitted: January 14, 2010.

IEEE MEDIA INDEPENDENT HANDOVER DCN: Sec Title: Considerations on use of TLS for MIH protection Date Submitted: January 14, 2010.
EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.

EAP-FAST Version 2 draft-zhou-emu-eap-fastv2-00.txt Hao Zhou Nancy Cam-Winget Joseph Salowey Stephen Hanna March 2011.
EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.

EAP Keying Framework Draft-aboba-pppext-key-problem-06.txt EAP WG IETF 56 San Francisco, CA Bernard Aboba.
NEA Working Group IETF meeting July 27, 2010 Co-chairs: Steve Hanna

NEA Working Group IETF meeting July 27, Co-chairs: Steve Hanna

Similar presentations

Ads by Google