EAP State Machines (draft-vollbrecht-eap-state-04.txt,ps)

Slides:



Advertisements
Similar presentations
EAP STATE Machine Proposal
Advertisements

NSIS Operation Over IP Tunnels draft-ietf-nsis-tunnel-04.txt Charles Shen, Henning Schulzrinne, Sung-Hyuck Lee, Jong Ho Bang IETF#71 – Philadelphia, USA.
EAP State Machines IETF 56 - March 19, 2003 John Vollbrecht Nick Petroni
TCG Confidential Copyright© 2005 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 TNC EAP IETF EAP.
IETF 58 PANA WG PANA Update and Open Issues (draft-ietf-pana-pana-02.txt) Dan Forsberg, Yoshihiro Ohba, Basavaraj Patil, Hannes Tschofenig, Alper Yegin.
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.
TRILL Link Protocols Donald Eastlake Huawei Technologies July 20141Directory Assist.
July 15, 2002IETF54 PANA WG1 PANA Usage Scenarios Updates (draft-ietf-pana-usage-scenarios-02.txt) Yoshihiro Ohba Subir Das
Network Architecture Dr. Sanjay P. Ahuja, Ph.D FIS Distinguished Professor of Computer Science School of Computing, UNF.
March 7, 2005MOBIKE WG, IETF 621 Mobility Protocol Options for IKEv2 (MOPO-IKE) Pasi Eronen.
August 1, 2005IETF63 PANA WG Pre-authentication Support for PANA (draft-ohba-pana-preauth-00.txt) Yoshihiro Ohba
November 10, 2003EAP WG, IETF 581 EAP State Machines (draft-ietf-eap-statemachine-01) John Vollbrecht, Pasi Eronen, Nick Petroni, Yoshihiro Ohba.
(Business) Process Centric Exchanges
July 16, Diameter EAP Application (draft-ietf-aaa-eap-02.txt) on behalf of...
March 15, 2005 IETF #62 Minneapolis1 EAP Discovery draft-adrangi-eap-network-discovery-10.txt Farid Adrangi ( )
SNMP for the PAA-EP protocol PANA wg - IETF 60 San Diego -> Yacine El Mghazli (Alcatel)
1 IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Protocol State Machine Date Submitted: September 13, 2006 Presented at IEEE.
xx IEEE MEDIA INDEPENDENT HANDOVER DCN: xx Title: Benefits of MIH Link Transmission Events (LB Comment #260) Date.
RADEXT WG IETF 91 Rechartering. Why? Current charter doesn’t allow us to take on new work that is waiting in the queue Has an anachronistic Diameter entanglement.
802.1X & EAP State Machines (found at: Jim Burns Paul Congdon Nick Petroni John Vollbrecht.
PANA Framework Prakash Jayaraman, Rafa Marin Lopez, Yoshihiro Ohba, Mohan Parthasarathy, Alper Yegin IETF 59.
Thoughts on KeySec John Viega
SRI International 1 Topology Dissemination Based on Reverse-Path Forwarding (TBRPF) Richard Ogier September 21, 2002.
CSE 8343 State Machines for Extensible Authentication Protocol Peer and Authenticator.
Mobile IPv6 with IKEv2 and revised IPsec architecture IETF 61
2006/7/10IETF66 RADEXT WG1 Pre-authentication AAA Requirements Yoshihiro Ohba Alper Yegin
Rfc4474bis-03 IETF 92 (Texas) STIR WG Jon. First principles (yet again) Separating the work into two buckets: 1) Signaling – What fields are signed, signer/verifier.
IETF #65 Network Discovery and Selection Problem draft-ietf-eap-netsel-problem-04 Farooq Bari Jouni Korhonen.
Nov. 9, 2004IETF61 PANA WG PANA Specification Last Call Issues Yoshihiro Ohba, Alper Yegin, Basavaraj Patil, D. Forsberg, Hannes Tschofenig.
NEMO Basic Support update IETF 61. Status IANA assignments done Very close to AUTH48 call Some issues raised recently We need to figure out if we want.
IEEE MEDIA INDEPENDENT HANDOVER Title: An Architecture for Security Optimization During Handovers Date Submitted: September,
IETF69 PANA WG Victor Fajardo, Yoshihiro Ohba and Rafael Marin Lopez PANA State Machine Issue Resolution (draft-ietf-pana-statemachine-05.txt)
August 2, 2005IETF63 EAP WG AAA-Key Derivation with Lower-Layer Parameter Binding (draft-ohba-eap-aaakey-binding-01.txt) Yoshihiro Ohba (Toshiba) Mayumi.
1 Extensible Authentication Protocol (EAP) Working Group IETF-57.
1 IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: EAP Pre-authentication Problem Statement in IETF HOKEY WG Date Submitted: September,
7/24/2007IETF69 PANA WG1 PANA Issues and Resolutions draft-ietf-pana-pana-17.txt draft-ietf-pana-framework-09.txt Yoshihiro Ohba Alper Yegin.
San Diego, November 2006 IETF 67 th – mip6 WG Goals for AAA-HA interface (draft-ietf-mip6-aaa-ha-goals-03) Gerardo Giaretta Ivano Guardini Elena Demaria.
Eap STate machinE dEsign teaM (ESTEEM) Draft Team members Bernard Aboba, Jari Arkko, Paul.
11/20/2002IETF 55 - AAA WG, NASREQ-101 Diameter-Nasreq-10 Dave Mitton, Most recent Document Editor With Contributions from David Spence & Glen Zorn.
EAP Applicability IETF-86 Joe Salowey. Open Issues Open Issues with Retransmission and re- authentication Remove text about lack of differentiation in.
Transmission of IP Packets over IEEE 802
IEEE MEDIA INDEPENDENT HANDOVER DCN:
Pre-authentication Problem Statement (draft-ohba-hokeyp-preauth-ps-00
<draft-ohba-pana-framework-00.txt>
Informing AAA about what lower layer protocol is carrying EAP
Open issues with PANA Protocol
PANA Discussion and Open Issues (draft-ietf-pana-pana-01.txt)
Media-Independent Pre-authentication (MPA) Framework
PANA Issues and Resolutions
Hokey Architecture Deployment and Implementation
Channel Control Interim substates for adding new slaves
EAP-GEE Lakshminath Dondeti Vidya Narayanan
IEEE 802 OmniRAN EC SG July 2013 Conclusion
Jari Arkko, Henry Haverinen, Joseph Salowey (presented by Pasi Eronen)
Jari Arkko Bernard Aboba
802.1x/EAP state machine status Work in Progress
The need for better security considerations guidance
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho
IKEv2 Mobility and Multihoming Protocol (MOBIKE)
Network Selection Issues
IEEE MEDIA INDEPENDENT HANDOVER DCN:
PANA Implementation in Open Diameter
Balazs Lengyel, Ericsson
EAP State Machines IETF 56 - March 19, 2003
NETMOD IETF 103 Bangkok Nov , 2018
NSIS Operation Over IP Tunnels draft-shen-nsis-tunnel-01.txt
NSIS Operation Over IP Tunnels draft-ietf-nsis-tunnel-04.txt
802.11i Bootstrapping Using PANA
Neighbor Management Policy for 6LoWPAN Signaling and Policy guidelines
YANG Data Models for TE and RSVP draft-ietf-teas-yang-te-21 draft-ietf-teas-yang-rsvp-11 draft-ietf-teas-yang-rsvp-te-07 Tarek Saad, Juniper Networks Rakesh.
Presentation transcript:

EAP State Machines (draft-vollbrecht-eap-state-04.txt,ps) John Vollbrecht, Pasi Eronen, Nick Petroni, Yoshihiro Ohba July 14, 2003 EAP WG, IETF 57

Introduction State machines for Goals EAP peer EAP authenticator Including special cases for passthrough and backend authenticator Goals Make understanding 2284bis easier Work together with 802.1X state machines July 14, 2003 EAP WG, IETF 57

Status Lot of progress since –01 (IETF 56) Version –03 incorporated as informative Annex in IEEE P802.1aa draft 6.1 ”Pre-alpha” implementation by Yoshihiro Ohba for Open Diameter project July 14, 2003 EAP WG, IETF 57

EAP peer July 14, 2003 EAP WG, IETF 57

Peer changes Main changes since –01 (IETF 56) Data flows shown in the diagram (main source of size increase) Silently discard packets that should not occur (main source of complexity) Clarified interfaces to 802.1X July 14, 2003 EAP WG, IETF 57

Peer lower layer interface Lower layer  EAP portEnabled, eapRestart eapReq + eapReqData altAccept / altReject idleWhile (timer) EAP  lower layer eapResp + eapRespData eapNoResp eapSuccess + eapKeyAvailable + eapKeyData eapFail July 14, 2003 EAP WG, IETF 57

Peer method interface EAP  Method Method  EAP eapReqData intCheck (boolean) methodState  {CONT, MAY_CONT, DONE} decision  {FAIL, COND_SUCC, UNCOND_SUCC} allowNotifications (boolean) July 14, 2003 EAP WG, IETF 57

EAP authenticator July 14, 2003 EAP WG, IETF 57

Authenticator changes Main changes since –01 (IETF 56) Data flows shown in the diagram Support switching to passthrough mode Support for backend authenticator Clarified interfaces to 802.1X July 14, 2003 EAP WG, IETF 57

Authenticator lower layer if. Similar to peer, except… Lower layer  EAP eapSRTT + eapRTTVAR EAP  Lower layer eapTimeout (802.1aa needs to distinguish failure caused by timeout and failure caused by something else) July 14, 2003 EAP WG, IETF 57

Authenticator method if. Much more complex than peer! Reasons: Authenticator can propose multiple methods Notifications July 14, 2003 EAP WG, IETF 57

Passthrough The passthrough ”virtual method” converts EAP method signals to AAA protocol and back Supports an authenticator that can authenticate some users locally July 14, 2003 EAP WG, IETF 57

Backend Differences in backend Retransmissions done by passthrough The conversation can start with an EAP Response packet (from backend’s point of view) The ”backend adapter” converts AAA protocol to EAP lower layer signals and back July 14, 2003 EAP WG, IETF 57

Passthrough & backend EAP method Method interface Method interface Authenticator Authenticator Lower layer interface Lower layer interface Lower layer Passthrough ”method” Backend adapter AAA interface AAA interface AAA protocol AAA protocol July 14, 2003 EAP WG, IETF 57

Open issues Degree of formalism We have this notation ”x = FOO | BAR”, meaning that x is set either to FOO or BAR, the choice being determined by logic explained elsewhere. On authenticator, many issues are hidden in Policy.update(..), Policy.isSatisfied(..) and Policy.getNextMethod() calls. Maybe separate ”next method selection” from other Policy stuff? July 14, 2003 EAP WG, IETF 57

Open issues Alignment with 2284bis Lower layer indications There will probably remain some cases where e.g. 2284bis says ”SHOULD” but the state machine does not support the other alternative July 14, 2003 EAP WG, IETF 57

Next steps Wait for 2284bis to be finished, and sync the state machine Create text-only version of state machines for RFC publication Try to clarify authenticator diagram But still keep it on one page… Future uses of EAP and tunnels? July 14, 2003 EAP WG, IETF 57

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.