Glen Zorn Cisco Systems


1 Specifying Security Claims for EAP Authentication Types (draft-zorn-eap-eval-00.txt)
Glen Zorn, Cisco Systems, gwz@cisco.com

2 How to Evaluate the Security of EAP Authentication Types?
- Define terms
- Specify security claims
- Evaluate claims against
  - Type definition
  - User security requirement

3 Defining Terms
- Clear
- Unambiguous
- Available
- RFC 2828
- "Terminology" section of I-D

4 Specifying Security Claims
- In "Security Considerations" section?
- Claims must be specified in defined terms
- Independent
- Stand-alone
- Proofs encouraged
- Should be in appendix

5 Evaluating Security Claims
- Two evaluative modes
  - Evaluate against type description
    - Useful in IETF
  - Evaluate against security requirements
    - Useful in evaluating for deployment

6 Problems
- Terms largely un/underdefined
- RFC 2828 doesn't define "mutual authentication"
- Define a set of EAP-specific terms?
- Security "qualities" difficult to demonstrate, prove

7 Recommendations
- Work on this technique further
- Incorporate into RFC 2284bis?
- Design team to define terms?

