IETF-70 EAP Method Update (EMU)

IETF-70 EAP Method Update (EMU) Chair: Joe Salowey (jsalowey@cisco.com)

Agenda
1. Administrivia (5 min)
2. Draft updates (10 min)
3. Charter Discussion (40 min)
4. Tunneling Method presentations (30 min)
   - EAP-TTLS (15 min) (Steve Hanna)
   - EAP-FAST (15 min) (Gene Chang)
5. Tunneling methods Requirements Discussion (60 min)

Charter Update

Charter Revision Summary
- Add charter item for tunnel EAP method
- Modify password based item to make use of tunnel method
- Modify "enhanced TLS" item to focus on adding channel bindings to a TLS based mechanism
- Updated milestones
- Include requirements draft milestone

Charter Update
- A mechanism to support extensible communication within a TLS protected tunnel to support meeting the requirements of an enhanced TLS mechanism, a password based authentication mechanism, and to support additional inner authentication mechanisms. This mechanism must be capable of supporting channel bindings.

Charter Update Cont.
- Enhanced functionality to enable a TLS-based EAP method to support channel bindings. So as to enable RFC 2716bis to focus solely on clarifications to the existing protocol, this effort will be handled in a separate document. This item should not generate a separate method; rather, it should be based on EAP-TLS or the TLS based tunnel method in the preceding deliverable.

Charter Update Cont.
- A mechanism that makes use of existing password databases such as AAA databases. This item will make use of the above tunnel method.

Charter Milestones
- Dec 2007: Submit Strong Shared Secret Mechanism to IESG
- Feb 2008: Tunnel Method requirements first draft submitted
- May 2008: Tunnel Method first draft submitted
- June 2008: Submit Password method extensions to tunnel method
- June 2008: Submit Extended TLS method extensions to tunnel method
- Mar 2009: Submit Tunnel Method to IESG
- Apr 2009: Submit Enhanced EAP-TLS to IESG
- Apr 2009: Submit Password based method to IESG

Tunnel Method Presentations

Tunnel Method Requirements

Requirements Areas
1. Changes to current requirements (required to meet RFC 3748, RFC 4017, EAP keying, etc.)
2. Tunneling EAP methods for authentication (e.g., chaining, result indication, etc.)
3. Additional data that needs to be tunneled (channel binding, etc.)
4. Extensibility
5. Additional requirements for the tunnel itself

Requirements from Password Method
1. Transport of encrypted password for support of legacy password databases (REQUIRED)
2. Mutual authentication (specifically authentication of the server) (REQUIRED)
3. Resistance to offline dictionary attacks, man-in-the-middle attacks
4. Compliance with RFC 3748, RFC 4017 and EAP keying (including EMSK and MSK generation) (REQUIRED)
5. Peer identity confidentiality (REQUIRED)
6. Crypto agility and ciphersuite negotiation (REQUIRED)
7. Session resumption (no password needed) (REQUIRED)
8. Fragmentation and reassembly (REQUIRED)
9. Cryptographic binding (REQUIRED if additional inner mechanisms are supported)
10. Password/PIN change (DESIRABLE)
11. Transport Channel binding data (REQUIRED)
12. Protected result indication (REQUIRED)
13. Support for certificate validation protocols (DESIRABLE)
14. Extension mechanism (in support of 10 - 12) (REQUIRED)

Charter Update
All mechanisms standardized by this group must meet RFC 3748, RFC 4017, and EAP keying requirements (pending RFC status). This group is chartered to work on the following types of mechanisms:

Charter Update

Requirements
- TLS community review
- Privacy
- Protection of EAP headers
- Internationalization must be consistent with NAI, human typed passwords, and prompts. Consider errors and other indications.
- Constrained devices