A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Protected EAP Protocol (PEAP)
Author(s) : S. Josefsson, A. Palekar, D. Simon, G. Zorn
Filename : draft-josefsson-pppext-eap-tls-eap-07.txt
Pages : 72
Date : 2003-10-27
The Extensible Authentication Protocol (EAP), defined in RFC 2284,
provides for support of multiple authentication methods. While EAP
was originally created for use with PPP, it has since been adopted
for use with IEEE 802.1X 'Network Port Authentication'.
Since its deployment, a number of weaknesses in EAP or some EAP
protocols have become apparent. These include no per-packet
confidentiality and integrity protection, which results in lack of
protection to user identity, notification messages or EAP
negotiation; and sequencing of EAP methods. In addition, there is no
standardized mechanism for key exchange; no built-in support for
fragmentation and reassembly; no support for acknowledged
success/failure indications; and no support for fast reconnect.
In addition, some EAP protocols (e.g., EAP-MD5) are susceptible
to dictionary and brute force attacks; do not provide
confidentiality; do not support server authentication required to
prevent spoofing by rogue servers (gateways), and do not support the
generation of key strength required for 802.11i.