Specifying Security Claims for EAP Authentication Types (draft-zorn-eap-eval-00.txt)
Glen Zorn, Cisco Systems, gwz@cisco.com

How to Evaluate the Security of EAP Authentication Types?
- Define terms
- Specify security claims
- Evaluate claims against
  - Type definition
  - User security requirement

Defining Terms
- Clear
- Unambiguous
- Available
- RFC 2828
- “Terminology” section of I-D

Specifying Security Claims
- In “Security Considerations” section?
- Claims must be specified in defined terms
- Independent
- Stand-alone
- Proofs encouraged
- Should be in appendix

Evaluating Security Claims
- Two evaluative modes
  - Evaluate against type description
    - Useful in IETF
  - Evaluate against security requirements
    - Useful in evaluating for deployment

Problems
- Terms largely un/underdefined
- RFC 2828 doesn’t define “mutual authentication”
- Define a set of EAP-specific terms?
- Security "qualities" difficult to demonstrate, prove

Recommendations
- Work on this technique further
- Incorporate into RFC 2284bis?
- Design team to define terms?