[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

53rd IETF - Extensible Authentication Protocol BOF (eap)




Extensible Authentication Protocol BOF (eap)

Wednesday, March 20 at 1530-1730
=================================

CHAIRS: Bernard Aboba <aboba@internaut.com>
        John Vollbrecht <jrv@interlinknetworks.com>

Description:

EAP (RFC 2284) is currently a work item of the PPPEXT WG, and is
also under consideration within the IPSRA WG (PIC) and PANA WGs.
The goal of this BOF is to discuss the creation of a working group
to clarify the EAP specification, and possibly to standardize
additional EAP methods. Backwards compatibility with RFC 2284 is
an explicit goal.

Motivation:

While EAP is now in use for authentication within the PPP and IEEE
802 link layers, interoperability issues have arisen. RFC 2284
lacked a protocol state machine, an IANA considerations section,
and a complete security considerations section. A number
of ambiguities have also arisen in RFC 2869 (RADIUS/EAP). The result
of these ambiguities is that EAP method developers may find that
their methods do not interoperate on all existing AAA servers,
NASes, and clients.

In addition, EAP is now being deployed in environments (such as
wireless networks and use over the Internet) which make it
vulnerable to attack. This has lead to proposals for
improving the security of EAP.

The primary goal of this BOF is to understand the range of
interoperability and security issues encountered with RFC 2284,
and secondarily to understand the requirements for development
of additional EAP methods. EAP is currently a work item of the
PPPEXT WG, but depending on the volume of EAP work required,
it may be appropriate to form a separate WG focussing on EAP.

BoF Agenda

1.  Scribe volunteer
2.  Agenda bash
3.  RFC 2284 interoperability issues
      draft-ietf-pppext-rfc2284bis-02.txt
4.  EAP IANA Considerations
      draft-aboba-pppext-eap-iana-00.txt
5.  EAP state machine
      draft-ietf-pppext-rfc2284bis-02.txt
6.  EAP security considerations
      draft-ietf-pppext-rfc2284bis-02.txt
      draft-aboba-pppext-key-problem-00.txt
7.  Requirements for additional EAP methods
      EAP dependencies of 802.11
      Requirement for cryptographic protection of EAP
        draft-ietf-ipsra-pic-05.txt
        draft-ietf-pppext-eap-ttls-00.txt
        draft-josefsson-pppext-eap-tls-eap-02.txt
8.  Additional proposed EAP methods
      draft-ietf-pppext-eap-srp-04.txt
      draft-arkko-pppext-eap-aka-01.txt
      draft-haverinen-pppext-eap-sim-02.txt
      draft-salgarelli-pppext-eap-ske-00.txt
9. Charter bash

Background reading (required for BOF participants)


RFC 2284 (EAP)
RFC 2869 (EAP/RADIUS)
draft-ietf-pppext-rfc2284bis-02.txt
draft-aboba-pppext-eap-iana-00.txt
draft-aboba-pppext-eap-vendor-00.txt
draft-ietf-pppext-key-problem-01.txt
draft-ietf-ipsra-pic-05.txt
draft-ietf-pppext-eap-ttls-00.txt
draft-ietf-josefsson-pppext-eap-tls-eap-02.txt


Strawman charter proposal


EAP Working Group (EAP)


Chair(s):
   This space for rent


Area Director(s):
   Thomas Narten <narten@us.ibm.com>
   Erik Nordmark <nordmark@eng.sun.com>


Security Advisors:
   Bill Arbaugh <waa@cs.umd.edu>

Mailing Lists:


General discussion: eap@frascone.com
To subscribe: send a message with "subscribe" in the subject to
              eap-request@frascone.com
Archive: http://mail.frascone.com/pipermail/eap/


The EAP working group will restrict itself to the following short-term
work items in order to fully document and improve the interoperability of
the existing EAP protocol:


1.  IANA considerations.
2.  Threat model and security considerations.
3.  EAP state machine.
4.  Clarification and documentation of EAP keying issues
5.  Documentation of interaction between EAP and other layers.
6.  Resolution of interoperability issues.
7.  Type space extension to support an expanded Type space.
8.  EAP applicability statement
9.  Update of RADIUS/EAP section of RFC 2869


Goals and Milestones


Jun  02   IANA considerations draft to RFC Editor.
Jun  02   EAP type extension section for RFC 2284bis.
Jun  02   EAP Security considerations section for RFC 2284bis.
Jun  02   EAP state machine section for RFC 2284bis.
Sep  02   RFC 2869bis published as Proposed Standard RFC.
Sep  02   RFC 2284bis published as Proposed Standard RFC.
Sep  02   EAP applicability statement published as Informational RFC.
Sep  02   EAP keying issues doc published as Informational RFC.