A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the EAP Method Update Working Group of the IETF.
Title : EAP Mutual Cryptographic Binding
Author(s) : Sam Hartman
Margaret Wasserman
Dacheng Zhang
Filename : draft-ietf-emu-crypto-bind-02.txt
Pages : 25
Date : 2013-02-25
Abstract:
As the Extensible Authentication Protocol (EAP) evolves, EAP peers
rely increasingly on information received from the EAP server. EAP
extensions such as channel binding or network posture information are
often carried in tunnel methods; peers are likely to rely on this
information. [RFC 3748] is a facility that protects tunnel methods
against man-in-the-middle attacks. However, cryptographic binding
focuses on protecting the server rather than the peer. This memo
explores attacks possible when the peer is not protected from man-in-
the-middle attacks and recommends mutual cryptographic binding, a new
form of cryptographic binding that protects both peer and server
along with other mitigations.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-emu-crypto-bind
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-emu-crypto-bind-02
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-emu-crypto-bind-02
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
