[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
53rd IETF - Extensible Authentication Protocol BOF (eap)
- To: IETF-Announce: ;
- Subject: 53rd IETF - Extensible Authentication Protocol BOF (eap)
- From: firstname.lastname@example.org
- Date: Wed, 06 Mar 2002 13:21:11 -0500
- Cc: email@example.com
- Delivery-date: Wed, 06 Mar 2002 23:52:46 +0200
- Envelope-to: firstname.lastname@example.org
- Sender: email@example.com
Extensible Authentication Protocol BOF (eap)
Wednesday, March 20 at 1530-1730
CHAIRS: Bernard Aboba <firstname.lastname@example.org>
John Vollbrecht <email@example.com>
EAP (RFC 2284) is currently a work item of the PPPEXT WG, and is
also under consideration within the IPSRA WG (PIC) and PANA WGs.
The goal of this BOF is to discuss the creation of a working group
to clarify the EAP specification, and possibly to standardize
additional EAP methods. Backwards compatibility with RFC 2284 is
an explicit goal.
While EAP is now in use for authentication within the PPP and IEEE
802 link layers, interoperability issues have arisen. RFC 2284
lacked a protocol state machine, an IANA considerations section,
and a complete security considerations section. A number
of ambiguities have also arisen in RFC 2869 (RADIUS/EAP). The result
of these ambiguities is that EAP method developers may find that
their methods do not interoperate on all existing AAA servers,
NASes, and clients.
In addition, EAP is now being deployed in environments (such as
wireless networks and use over the Internet) which make it
vulnerable to attack. This has lead to proposals for
improving the security of EAP.
The primary goal of this BOF is to understand the range of
interoperability and security issues encountered with RFC 2284,
and secondarily to understand the requirements for development
of additional EAP methods. EAP is currently a work item of the
PPPEXT WG, but depending on the volume of EAP work required,
it may be appropriate to form a separate WG focussing on EAP.
1. Scribe volunteer
2. Agenda bash
3. RFC 2284 interoperability issues
4. EAP IANA Considerations
5. EAP state machine
6. EAP security considerations
7. Requirements for additional EAP methods
EAP dependencies of 802.11
Requirement for cryptographic protection of EAP
8. Additional proposed EAP methods
9. Charter bash
Background reading (required for BOF participants)
RFC 2284 (EAP)
RFC 2869 (EAP/RADIUS)
Strawman charter proposal
EAP Working Group (EAP)
This space for rent
Thomas Narten <firstname.lastname@example.org>
Erik Nordmark <email@example.com>
Bill Arbaugh <firstname.lastname@example.org>
General discussion: email@example.com
To subscribe: send a message with "subscribe" in the subject to
The EAP working group will restrict itself to the following short-term
work items in order to fully document and improve the interoperability of
the existing EAP protocol:
1. IANA considerations.
2. Threat model and security considerations.
3. EAP state machine.
4. Clarification and documentation of EAP keying issues
5. Documentation of interaction between EAP and other layers.
6. Resolution of interoperability issues.
7. Type space extension to support an expanded Type space.
8. EAP applicability statement
9. Update of RADIUS/EAP section of RFC 2869
Goals and Milestones
Jun 02 IANA considerations draft to RFC Editor.
Jun 02 EAP type extension section for RFC 2284bis.
Jun 02 EAP Security considerations section for RFC 2284bis.
Jun 02 EAP state machine section for RFC 2284bis.
Sep 02 RFC 2869bis published as Proposed Standard RFC.
Sep 02 RFC 2284bis published as Proposed Standard RFC.
Sep 02 EAP applicability statement published as Informational RFC.
Sep 02 EAP keying issues doc published as Informational RFC.