EAP Extensions for EAP Re-authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Yang Shi Qin Wu Zhen Cao


EAP Extensions for EAP Re-authentication Protocol (ERP) draft-wu-hokey-rfc5296bis-01 Yang Shi Qin Wu Zhen Cao Baohong He

Status

Presented at IETF 78, Maastricht; adopted as a work item after IETF 78.

Changes from the previous version:
– Incorporate existing Technical Errata into this document
– Constrain ERP to only one ER server
– Allow ER Explicit Bootstrapping with the ER server in the same domain as the peer
– Move generic text from Section 3.1 and associated figures to the front of Section 3.1
– Allow local domain name discovery through a DHCP extension and ERP with the local ER server

Issue 1: ERP with one ER server vs. ERP with multiple servers

ERP with one ER server:
– Case 1: Peer -> ER authenticator -> local ER server
– Case 2: Peer -> ER authenticator -> home ER server
– Case 3: Peer -> EAP authenticator/ER authenticator -> local ER server -> home EAP server

ERP with multiple servers:
– Case 4: Peer -> ER authenticator -> local ER server -> home ER server

Proposal:
a) Restrict ERP to only one ER server
b) Or restrict ERP to the local ER server in the same domain as the peer

Issue 2: Clarification of Bootstrapping

Two typical examples of bootstrapping described in RFC 5296:
– In ER explicit bootstrapping, the 'B' flag is used to trigger the peer to learn the local domain name through the ERP exchange and to trigger the local ER server to request the DSRK.
– In ER implicit bootstrapping, no 'B' flag is used. The local ER server in the path will be triggered to request the DSRK. The local domain name can be learned from the ER authenticator or the local ER server through a subsequent ERP exchange.

Proposal:
– Bootstrapping does not mean that the peer MUST go back to the home domain to obtain the local domain name.
– The peer may learn the local domain name from the local domain, through a local ERP exchange or another lower-layer announcement mechanism.

Issue 3: Allow local domain discovery within the local domain

Local domain name discovery:
– Through the EAP-Initiate/Re-auth-Start message during subsequent ERP with the local ER server, if the authenticator knows it
– Through ERP with the bootstrapping flag on, if the local ER server or the home ER server knows it
– Through DHCP-based local domain name discovery, if the DHCP server or relay knows it

Proposal:
– Revise the draft to reflect this.
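An added example, not from the slides or the draft: a minimal Python parser for the EAP-Initiate messages of RFC 5296, showing where the Domain-Name TLV of EAP-Initiate/Re-auth-Start and the 'B' flag of EAP-Initiate/Re-auth sit on the wire. The function names and sample packets (including the placeholder domain visited.example) are constructed for illustration, and the Re-auth sample carries only the header fields the parser reads.

```python
import struct

EAP_INITIATE = 5               # EAP code for EAP-Initiate (RFC 5296)
REAUTH_START, REAUTH = 1, 2    # Type values within EAP-Initiate
TLV_DOMAIN_NAME = 4            # Domain-Name TLV type
TV_VALUE_LEN = {2: 4, 3: 4}    # TV payloads (rRK/rMSK lifetime): 4-octet value, no length octet
FLAG_B, FLAG_L = 0x40, 0x20    # bootstrapping and lifetime flags (R is 0x80)

def parse_erp_initiate(pkt: bytes) -> dict:
    """Report what an EAP-Initiate packet reveals about local domain discovery."""
    if len(pkt) < 6:
        raise ValueError("truncated ERP header")
    code, _ident, length, etype = struct.unpack("!BBHB", pkt[:5])
    if code != EAP_INITIATE or not 6 <= length <= len(pkt):
        raise ValueError("not a well-formed EAP-Initiate packet")
    body = pkt[5:length]
    if etype == REAUTH:
        # Only the flags octet is read; SEQ, TLVs, cryptosuite and tag are skipped.
        return {"type": "re-auth", "bootstrap": bool(body[0] & FLAG_B),
                "lifetime_requested": bool(body[0] & FLAG_L)}
    if etype != REAUTH_START:
        raise ValueError(f"unknown EAP-Initiate type {etype}")
    domain, i = None, 1        # body[0] is the Reserved octet
    while i < len(body):
        t = body[i]
        if t in TV_VALUE_LEN:
            i += 1 + TV_VALUE_LEN[t]
            continue
        if i + 2 > len(body) or i + 2 + body[i + 1] > len(body):
            raise ValueError("TLV runs past end of packet")
        value = body[i + 2:i + 2 + body[i + 1]]
        if t == TLV_DOMAIN_NAME:
            domain = value.decode("ascii")
        i += 2 + len(value)
    return {"type": "re-auth-start", "domain": domain}

def _build(etype: int, body: bytes) -> bytes:
    """Constructed sample packet: EAP header plus the given body."""
    return struct.pack("!BBHB", EAP_INITIATE, 1, 5 + len(body), etype) + body

# Constructed samples; "visited.example" is a placeholder domain.
SAMPLE_START = _build(REAUTH_START, b"\x00" + bytes([TLV_DOMAIN_NAME, 15]) + b"visited.example")
SAMPLE_BOOTSTRAP = _build(REAUTH, bytes([FLAG_B]) + b"\x00\x01")  # flags + SEQ only

if __name__ == "__main__":
    print(parse_erp_initiate(SAMPLE_START))
    print(parse_erp_initiate(SAMPLE_BOOTSTRAP))
```

The EAP-Initiate/Re-auth-Start format has no Authentication Tag field, so a domain name read from it is not integrity-protected by ERP itself.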

Follow Up
– Encourage more review of the draft and early feedback
– Expect to issue a new version based on feedback from the group