
53rd IETF - Extensible Authentication Protocol BOF (eap)

Extensible Authentication Protocol BOF (eap)

Wednesday, March 20 at 1530-1730

CHAIRS: Bernard Aboba <aboba@internaut.com>
        John Vollbrecht <jrv@interlinknetworks.com>


EAP (RFC 2284) is currently a work item of the PPPEXT WG, and is
also under consideration within the IPSRA WG (PIC) and PANA WGs.
The goal of this BOF is to discuss the creation of a working group
to clarify the EAP specification, and possibly to standardize
additional EAP methods. Backwards compatibility with RFC 2284 is
an explicit goal.


While EAP is now in use for authentication within the PPP and IEEE
802 link layers, interoperability issues have arisen. RFC 2284
lacked a protocol state machine, an IANA considerations section,
and a complete security considerations section. A number
of ambiguities have also arisen in RFC 2869 (RADIUS/EAP). The result
of these ambiguities is that EAP method developers may find that
their methods do not interoperate on all existing AAA servers,
NASes, and clients.

In addition, EAP is now being deployed in environments (such as
wireless networks and use over the Internet) which make it
vulnerable to attack. This has led to proposals for
improving the security of EAP.

The primary goal of this BOF is to understand the range of
interoperability and security issues encountered with RFC 2284,
and secondarily to understand the requirements for development
of additional EAP methods. EAP is currently a work item of the
PPPEXT WG, but depending on the volume of EAP work required,
it may be appropriate to form a separate WG focussing on EAP.

BoF Agenda

1.  Scribe volunteer
2.  Agenda bash
3.  RFC 2284 interoperability issues
4.  EAP IANA Considerations
5.  EAP state machine
6.  EAP security considerations
7.  Requirements for additional EAP methods
      EAP dependencies of 802.11
      Requirement for cryptographic protection of EAP
8.  Additional proposed EAP methods
9.  Charter bash

Background reading (required for BOF participants)

RFC 2284 (EAP)

Strawman charter proposal

EAP Working Group (EAP)

   This space for rent

Area Director(s):
   Thomas Narten <narten@us.ibm.com>
   Erik Nordmark <nordmark@eng.sun.com>

Security Advisors:
   Bill Arbaugh <waa@cs.umd.edu>

Mailing Lists:

General discussion: eap@frascone.com
To subscribe: send a message with "subscribe" in the subject to
Archive: http://mail.frascone.com/pipermail/eap/

The EAP working group will restrict itself to the following short-term
work items in order to fully document and improve the interoperability of
the existing EAP protocol:

1.  IANA considerations.
2.  Threat model and security considerations.
3.  EAP state machine.
4.  Clarification and documentation of EAP keying issues.
5.  Documentation of interaction between EAP and other layers.
6.  Resolution of interoperability issues.
7.  Type space extension to support an expanded Type space.
8.  EAP applicability statement.
9.  Update of RADIUS/EAP section of RFC 2869.

Goals and Milestones

Jun  02   IANA considerations draft to RFC Editor.
Jun  02   EAP type extension section for RFC 2284bis.
Jun  02   EAP Security considerations section for RFC 2284bis.
Jun  02   EAP state machine section for RFC 2284bis.
Sep  02   RFC 2869bis published as Proposed Standard RFC.
Sep  02   RFC 2284bis published as Proposed Standard RFC.
Sep  02   EAP applicability statement published as Informational RFC.
Sep  02   EAP keying issues doc published as Informational RFC.