EAP Applicability IETF-86 Joe Salowey. Open Issues Open Issues with Retransmission and re- authentication Remove text about lack of differentiation in.

Slides:

Advertisements

Similar presentations

IETF Trade Working Group January 2000 XML Messaging Overview January 2000.

Advertisements

CCNA – Network Fundamentals

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

Intermediate TCP/IP TCP Operation.

Chapter 7 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Explain the need for the transport layer.  Identify.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

IETF 58 PANA WG PANA Update and Open Issues (draft-ietf-pana-pana-02.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.

1 CCNA 2 v3.1 Module Intermediate TCP/IP CCNA 2 Module 10.

Error Checking continued. Network Layers in Action Each layer in the OSI Model will add header information that pertains to that specific protocol. On.

Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.

1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen

Jaringan Komputer Dasar OSI Transport Layer Aurelio Rahmadian.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.

1.1 What is the Internet What is the Internet? The Internet is a shared media (coaxial cable, copper wire, fiber optics, and radio spectrum) communication.

1 EAP Usage Issues Feb 05 Jari Arkko. 2 Typical EAP Usage PPP authentication Wireless LAN authentication –802.1x and i IKEv2 EAP authentication.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 3 Transport Layer.

TCP1 Transmission Control Protocol (TCP). TCP2 Outline Transmission Control Protocol.

11 TRANSPORT LAYER PROTOCOLS Chapter 6 TCP and UDP SPX and NCP.

IETF 60 – San Diegodraft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-07 Magnus Westerlund Aravind.

Transport Layer COM211 Communications and Networks CDA College Theodoros Christophides

SIP working group IETF#70 Essential corrections Keith Drage.

ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.

© 2002, Cisco Systems, Inc. All rights reserved..

McGraw-Hill Chapter 23 Process-to-Process Delivery: UDP, TCP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

User Application Control (Keypress Events) SIPPING WG - IETF 53 Robert Fairlie-Cuninghame, Bert Culpepper, Jean-François Mulé.

Cisco I Introduction to Networks Semester 1 Chapter 7 JEOPADY.

Protocols and layering Network protocols and software Layered protocol suites The OSI 7 layer model Common network design issues and solutions.

Application Layer Functionality and Protocols Abdul Hadi Alaidi

The Transport Layer Implementation Services Functions Protocols

Chapter 9: Transport Layer

Fast Retransmit For sliding windows flow control we waited for a timer to expire before beginning retransmission of a packet TCP uses an additional mechanism.

Session-Independent Policies draft-ietf-sipping-session-indep-policy-02 Volker Hilt Jonathan Rosenberg Gonzalo.

Informing AAA about what lower layer protocol is carrying EAP

Open issues with PANA Protocol

PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)

PANA Issues and Resolutions

PPP – Point to Point Protocol

CS1001 Lecture 8.

IETF-59 P-IMAP Draft Overview ( Stéphane H. Maes – Jean.

PART 5 Transport Layer Computer Networks.

Understand the OSI Model Part 2

ERP extension for EAP Early-authentication Protocol (EEP)

Application Layer Functionality and Protocols

Chapter 6: Transport Layer (Part I)

Networking for Home and Small Businesses – Chapter 6

Understanding the OSI Reference Model

Magda El Zarki Professor, ICS UC, Irvine

Working at a Small-to-Medium Business or ISP – Chapter 7

HTTP: the hypertext transfer protocol

Networking Concepts Module A Copyright Pearson Prentice Hall 2013.

Client-Server Interaction

Networking for Home and Small Businesses – Chapter 6

Working at a Small-to-Medium Business or ISP – Chapter 7

CCNA 2 v3.1 Module 10 Intermediate TCP/IP

IEEE MEDIA INDEPENDENT HANDOVER DCN:

Stream Control Transmission Protocol (SCTP)

Charles Clancy Katrin Hoeper IETF 73 Minneapolis, USA 17 November 2008

Working at a Small-to-Medium Business or ISP – Chapter 7

Process-to-Process Delivery:

Reliable Client-Server Communication

TCP and UDP Layer 3 of the TCP/IP protocol stack. Transport layer

Changes to SAE State Machine

PART 5 Transport Layer.

IETF Network Discovery and Selection Overview

Binary Floor Control Protocol BIS (BFCPBIS)

Networking for Home and Small Businesses – Chapter 6

Process-to-Process Delivery: UDP, TCP

Error Checking continued

Presentation transcript:

EAP Applicability IETF-86 Joe Salowey

Open Issues Open Issues with Retransmission and re- authentication Remove text about lack of differentiation in Network Access

Proposed Retransmission Text 2.1 Retransmission In EAP, the authenticator is responsible for retransmission. By default EAP assumes that the lower layer (the application in this context) is unreliable. The authenticator can send a packet whenever its retransmission timer triggers. In this mode, applications need to be able to receive and process EAP messages at any time during the authentication conversation. Alternatively, EAP permits a lower layer to set the retransmission timer to infinite. When this happens, the lower layer becomes responsible for reliable delivery of EAP messages. Applications that use a lock-step or client-driven authentication protocol might benefit from this approach.

Proposed Retransmission Text In addition to retransmission behavior applications need to deal with discarded EAP messages. For example, whenever some EAP methods receive erroneous input, these methods discard the input rather than generating an error response. If the erroneous input was generated by an attacker, legitimate input can sometimes be received after the erroneous input. Applications MUST handle discarded EAP messages, although the specific way in which discarded messages will be handled depend on the characteristics of the application. Options include failing the authentication at the application level, requesting an EAP retransmit and waiting for additional EAP input. These options may require the EAP methods to notify the application when an EAP message is discarded. Specifications of how EAP is used for application authentication SHOULD document how retransmission and message discards are handled.

Proposed Re-authentication Text 2.2 Re-Authentication EAP lower layers MAY provide a mechanism for re-authentication to happen within an existing session [RFC 3748]. Diameter standardizes a mechanism for a AAA server to request re-authentication [RFC 4005]. Re-authentication permits security associations to be updated without establishing a new session. For network access, this can be important because interrupting network access can disrupt connections and media. Some applications might not need re-authentication support. For example if sessions are relatively short-lived or if sessions can be replaced without significant disruption, re-authentication might not provide value. Protocols like HypertextTransport Protocol (HTTP) and Simple

Proposed Re-authentication Text Mail Transport Protocol (SMTP) are examples of protocols where establishing a new connection to update security associations is likely to be sufficient. Re-authentication is likely to be valuable if sessions or connections are long-lived or if there is a significant cost to disrupting them. Another factor may make re-authentication important. Some protocols only permit one part in a protocol (for example the client) to establish a new connection. If another party in the protocol needs the security association refreshed then re-authentication can provide a mechanism to do so. Applications SHOULD describe whether re-authentication is provided and which parties can initiate it.