[Emu] I-D Action: draft-ietf-emu-eap-edhoc-02.txt
Internet-Draft draft-ietf-emu-eap-edhoc-02.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Using the Extensible Authentication Protocol (EAP) with Ephemeral Diffie-Hellman over COSE (EDHOC)
Authors: Dan Garcia-Carrillo, Rafael Marin-Lopez, Göran Selander, John Preuß Mattsson
Name: draft-ietf-emu-eap-edhoc-02.txt
Pages: 24
Dates: 2024-10-21

Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the EAP authentication method EAP-EDHOC, based on Ephemeral Diffie-Hellman Over COSE (EDHOC). EDHOC provides a lightweight authenticated Diffie-Hellman key exchange with ephemeral keys, using COSE to provide security services efficiently encoded in CBOR. This document also provides guidance on authentication and authorization for EAP-EDHOC.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-edhoc/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-eap-edhoc-02.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-eap-edhoc-02
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

___
Emu mailing list -- emu@ietf.org
To unsubscribe send an email to emu-le...@ietf.org

[Emu] I-D Action: draft-ietf-emu-bootstrapped-tls-07.txt
Internet-Draft draft-ietf-emu-bootstrapped-tls-07.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Bootstrapped TLS Authentication with Proof of Knowledge (TLS-POK)
Authors: Owen Friel, Dan Harkins
Name: draft-ietf-emu-bootstrapped-tls-07.txt
Pages: 13
Dates: 2024-10-21

Abstract: This document defines a mechanism that enables a bootstrapping device to establish trust and mutually authenticate against a network. Bootstrapping devices have a public private key pair, and this mechanism enables a network server to prove to the device that it knows the public key, and the device to prove to the server that it knows the private key. The mechanism leverages existing DPP and TLS standards and can be used in an EAP exchange.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-bootstrapped-tls/
There is also an HTMLized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-bootstrapped-tls-07
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-bootstrapped-tls-07
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-eap-arpa-03.txt
Internet-Draft draft-ietf-emu-eap-arpa-03.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: The eap.arpa domain and EAP provisioning
Author: Alan DeKok
Name: draft-ietf-emu-eap-arpa-03.txt
Pages: 21
Dates: 2024-10-07

Abstract: This document defines the eap.arpa domain as a way for EAP peers to signal to EAP servers that they wish to obtain limited, and unauthenticated, network access. EAP peers signal which kind of access is required via certain pre-defined identifiers which use the Network Access Identifier (NAI) format of RFC7542. A table of identifiers and meanings is defined.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-arpa/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-eap-arpa-03.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-eap-arpa-03
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-bootstrapped-tls-06.txt
Internet-Draft draft-ietf-emu-bootstrapped-tls-06.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Bootstrapped TLS Authentication with Proof of Knowledge (TLS-POK)
Authors: Owen Friel, Dan Harkins
Name: draft-ietf-emu-bootstrapped-tls-06.txt
Pages: 13
Dates: 2024-08-19

Abstract: This document defines a mechanism that enables a bootstrapping device to establish trust and mutually authenticate against a network. Bootstrapping devices have a public private key pair, and this mechanism enables a network server to prove to the device that it knows the public key, and the device to prove to the server that it knows the private key. The mechanism leverages existing DPP and TLS standards and can be used in an EAP exchange.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-bootstrapped-tls/
There is also an HTMLized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-bootstrapped-tls-06
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-bootstrapped-tls-06
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-eap-arpa-02.txt
Internet-Draft draft-ietf-emu-eap-arpa-02.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: The eap.arpa domain and EAP provisioning
Author: Alan DeKok
Name: draft-ietf-emu-eap-arpa-02.txt
Pages: 18
Dates: 2024-08-12

Abstract: This document defines the eap.arpa domain as a way for EAP peers to signal to EAP servers that they wish to obtain limited, and unauthenticated, network access. EAP peers signal which kind of access is required via certain pre-defined identifiers which use the Network Access Identifier (NAI) format of RFC7542. A table of identifiers and meanings is defined.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-arpa/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-eap-arpa-02.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-eap-arpa-02
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-eap-arpa-01.txt
Internet-Draft draft-ietf-emu-eap-arpa-01.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: The eap.arpa domain and EAP provisioning
Author: Alan DeKok
Name: draft-ietf-emu-eap-arpa-01.txt
Pages: 17
Dates: 2024-07-30

Abstract: This document defines the eap.arpa domain as a way for EAP peers to signal to EAP servers that they wish to obtain limited, and unauthenticated, network access. EAP peers signal which kind of access is required via certain pre-defined identifiers which use the Network Access Identifier (NAI) format of RFC7542. A table of identifiers and meanings is defined.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-arpa/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-eap-arpa-01.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-eap-arpa-01
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-eap-fido-00.txt
Internet-Draft draft-ietf-emu-eap-fido-00.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: EAP-FIDO
Authors: Jan-Frederik Rieckers, Stefan Winter
Name: draft-ietf-emu-eap-fido-00.txt
Pages: 38
Dates: 2024-07-08

Abstract: This document specifies an EAP method leveraging FIDO2 keys for authentication in EAP.

About This Document

This note is to be removed before publishing as an RFC.

Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-emu-eap-fido/.

Discussion of this document takes place on the EAP Method Update Working Group mailing list (mailto:emu@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/emu/. Subscribe at https://www.ietf.org/mailman/listinfo/emu/.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-fido/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-eap-fido-00.html
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-eap-edhoc-01.txt
Internet-Draft draft-ietf-emu-eap-edhoc-01.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Using the Extensible Authentication Protocol with Ephemeral Diffie-Hellman over COSE (EDHOC)
Authors: Dan Garcia-Carrillo, Rafael Marin-Lopez, Göran Selander, John Preuß Mattsson
Name: draft-ietf-emu-eap-edhoc-01.txt
Pages: 23
Dates: 2024-07-05

Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-EDHOC with Ephemeral Diffie-Hellman Over COSE (EDHOC). EDHOC provides a lightweight authenticated Diffie-Hellman key exchange with ephemeral keys, using COSE (RFC 9052, RFC 9053) to provide security services efficiently encoded in CBOR (RFC 8949). This document also provides guidance on authentication and authorization for EAP-EDHOC.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-edhoc/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-eap-edhoc-01.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-eap-edhoc-01
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-eap-arpa-00.txt
Internet-Draft draft-ietf-emu-eap-arpa-00.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: The eap.arpa domain and EAP provisioning
Author: Alan DeKok
Name: draft-ietf-emu-eap-arpa-00.txt
Pages: 16
Dates: 2024-06-13

Abstract: This document defines the eap.arpa domain as a way for EAP peers to signal to EAP servers that they wish to obtain limited, and unauthenticated, network access. EAP peers signal which kind of access is required via certain pre-defined identifiers which use the Network Access Identifier (NAI) format of RFC7542. A table of identifiers and meanings is defined.

About This Document

This note is to be removed before publishing as an RFC.

Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ietf-emu-eap-arpa/.

Discussion of this document takes place on the EMU Working Group mailing list (mailto:e...@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/emut/. Subscribe at https://www.ietf.org/mailman/listinfo/emut/.

Source for this draft and an issue tracker can be found at https://github.com/freeradius/eap-arpa.git.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-arpa/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-eap-arpa-00.html
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-eap-edhoc-00.txt
Internet-Draft draft-ietf-emu-eap-edhoc-00.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Using the Extensible Authentication Protocol with Ephemeral Diffie-Hellman over COSE (EDHOC)
Authors: Dan Garcia-Carrillo, Rafael Marin-Lopez, Göran Selander, John Preuß Mattsson
Name: draft-ietf-emu-eap-edhoc-00.txt
Pages: 22
Dates: 2024-06-13

Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-EDHOC with Ephemeral Diffie-Hellman Over COSE (EDHOC). EDHOC provides a lightweight authenticated Diffie-Hellman key exchange with ephemeral keys, using COSE (RFC 9052, RFC 9053) to provide security services efficiently encoded in CBOR (RFC 8949). This document also provides guidance on authentication and authorization for EAP-EDHOC.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-edhoc/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-eap-edhoc-00.html
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-19.txt
Internet-Draft draft-ietf-emu-rfc7170bis-19.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Name: draft-ietf-emu-rfc7170bis-19.txt
Pages: 110
Dates: 2024-06-07

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170 and updates RFC 9427 by moving all TEAP specifications from those documents to this one.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-19.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-19
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-18.txt
Internet-Draft draft-ietf-emu-rfc7170bis-18.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Name: draft-ietf-emu-rfc7170bis-18.txt
Pages: 110
Dates: 2024-06-04

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170 and updates RFC 9427 by moving all TEAP specifications from those documents to this one.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-18.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-18
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-17.txt
Internet-Draft draft-ietf-emu-rfc7170bis-17.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Name: draft-ietf-emu-rfc7170bis-17.txt
Pages: 111
Dates: 2024-05-21

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170 and updates RFC 9427.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-17.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-17
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-16.txt
Internet-Draft draft-ietf-emu-rfc7170bis-16.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Name: draft-ietf-emu-rfc7170bis-16.txt
Pages: 111
Dates: 2024-03-26

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-16.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-16
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-15.txt
Internet-Draft draft-ietf-emu-rfc7170bis-15.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Name: draft-ietf-emu-rfc7170bis-15.txt
Pages: 110
Dates: 2024-02-26

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-15.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-15
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-aka-pfs-12.txt
Internet-Draft draft-ietf-emu-aka-pfs-12.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)
Authors: Jari Arkko, Karl Norrman, John Preuß Mattsson
Name: draft-ietf-emu-aka-pfs-12.txt
Pages: 34
Dates: 2024-02-19

Abstract: This document updates RFC 9048, the improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA'), with an optional extension providing ephemeral key exchange. Similarly, this document also updates the earlier version of the EAP-AKA' specification in RFC 5448. The extension EAP-AKA' Forward Secrecy (EAP-AKA' FS), when negotiated, provides forward secrecy for the session keys generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term key from obtaining session keys established in the past, assuming these have been properly deleted. In addition, EAP-AKA' FS mitigates passive attacks (e.g., large scale pervasive monitoring) against future sessions. This forces attackers to use active attacks instead.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/
There is also an HTMLized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-12
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-aka-pfs-12
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-bootstrapped-tls-05.txt
Internet-Draft draft-ietf-emu-bootstrapped-tls-05.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Bootstrapped TLS Authentication with Proof of Knowledge (TLS-POK)
Authors: Owen Friel, Dan Harkins
Name: draft-ietf-emu-bootstrapped-tls-05.txt
Pages: 13
Dates: 2024-02-17

Abstract: This document defines a mechanism that enables a bootstrapping device to establish trust and mutually authenticate against a network. Bootstrapping devices have a public private key pair, and this mechanism enables a network server to prove to the device that it knows the public key, and the device to prove to the server that it knows the private key. The mechanism leverages existing DPP and TLS standards and can be used in an EAP exchange.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-bootstrapped-tls/
There is also an HTMLized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-bootstrapped-tls-05
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-bootstrapped-tls-05
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-bootstrapped-tls-04.txt
Internet-Draft draft-ietf-emu-bootstrapped-tls-04.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Bootstrapped TLS Authentication with Proof of Knowledge (TLS-POK)
Authors: Owen Friel, Dan Harkins
Name: draft-ietf-emu-bootstrapped-tls-04.txt
Pages: 13
Dates: 2024-01-28

Abstract: This document defines a mechanism that enables a bootstrapping device to establish trust and mutually authenticate against a network. Bootstrapping devices have a public private key pair, and this mechanism enables a network server to prove to the device that it knows the public key, and the device to prove to the server that it knows the private key. The mechanism leverages existing DPP and TLS standards and can be used in an EAP exchange.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-bootstrapped-tls/
There is also an HTMLized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-bootstrapped-tls-04
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-bootstrapped-tls-04
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-14.txt
Internet-Draft draft-ietf-emu-rfc7170bis-14.txt is now available. It is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Name: draft-ietf-emu-rfc7170bis-14.txt
Pages: 108
Dates: 2023-09-04

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-14.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-14
Internet-Drafts are also available by rsync at: rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-13.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Filename: draft-ietf-emu-rfc7170bis-13.txt
Pages: 109
Date: 2023-08-22

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-13.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-13
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-12.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Filename: draft-ietf-emu-rfc7170bis-12.txt
Pages: 108
Date: 2023-08-18

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-12.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-12
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Filename: draft-ietf-emu-rfc7170bis-11.txt
Pages: 105
Date: 2023-08-14

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-11.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-11
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Filename: draft-ietf-emu-rfc7170bis-10.txt
Pages: 104
Date: 2023-08-03

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-10.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-10
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-rfc7170bis-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF.

Title: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Author: Alan DeKok
Filename: draft-ietf-emu-rfc7170bis-09.txt
Pages: 103
Date: 2023-07-31

Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170.

The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/
There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-09.html
A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-09
Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts

[Emu] I-D Action: draft-ietf-emu-aka-pfs-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF. Title : Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS) Authors : Jari Arkko Karl Norrman John Preuß Mattsson Filename: draft-ietf-emu-aka-pfs-11.txt Pages : 33 Date: 2023-07-10 Abstract: Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising the smart card supply chain, such as attacking Universal Subscriber Identity Module (USIM) card manufacturers and operators in an effort to compromise long-term keys stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have received much scrutiny and have improved. However, resourceful attackers are always a cause for concern. Always assuming a breach, such as long-term key compromise, and minimizing the impact of breach are essential zero trust principles. This document updates RFC 9048, the improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA'), with an optional extension providing ephemeral key exchange. Similarly, this document also updates the earlier version of the EAP-AKA' specification in RFC 5448. The extension EAP-AKA' Forward Secrecy (EAP-AKA' FS), when negotiated, provides forward secrecy for the session keys generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term key from obtaining session keys established in the past, assuming these have been properly deleted. In addition, EAP-AKA' FS mitigates passive attacks (e.g., large scale pervasive monitoring) against future sessions. This forces attackers to use active attacks instead. 
The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-11 A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-aka-pfs-11 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc7170bis-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF. Title : Tunnel Extensible Authentication Protocol (TEAP) Version 1 Author : Alan DeKok Filename: draft-ietf-emu-rfc7170bis-08.txt Pages : 103 Date: 2023-07-10 Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-08.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-08 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc7170bis-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF. Title : Tunnel Extensible Authentication Protocol (TEAP) Version 1 Author : Alan DeKok Filename: draft-ietf-emu-rfc7170bis-07.txt Pages : 101 Date: 2023-07-03 Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-07.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-07 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-bootstrapped-tls-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF. Title : Bootstrapped TLS Authentication with Proof of Knowledge (TLS-POK) Authors : Owen Friel Dan Harkins Filename: draft-ietf-emu-bootstrapped-tls-03.txt Pages : 12 Date: 2023-06-22 Abstract: This document defines a mechanism that enables a bootstrapping device to establish trust and mutually authenticate against a network. Bootstrapping devices have a public private key pair, and this mechanism enables a network server to prove to the device that it knows the public key, and the device to prove to the server that it knows the private key. The mechanism leverages existing DPP and TLS standards and can be used in an EAP exchange. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-bootstrapped-tls/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-bootstrapped-tls-03 A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-bootstrapped-tls-03 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc7170bis-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF. Title : Tunnel Extensible Authentication Protocol (TEAP) Version 1 Author : Alan DeKok Filename: draft-ietf-emu-rfc7170bis-06.txt Pages : 96 Date: 2023-04-25 Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-06.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-06 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc7170bis-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update (EMU) WG of the IETF. Title : Tunnel Extensible Authentication Protocol (TEAP) Version 1 Author : Alan DeKok Filename: draft-ietf-emu-rfc7170bis-05.txt Pages : 93 Date: 2023-03-10 Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-05.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-05 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc7170bis-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This Internet-Draft is a work item of the EAP Method Update WG of the IETF. Title : Tunnel Extensible Authentication Protocol (TEAP) Version 1 Author : Alan DeKok Filename: draft-ietf-emu-rfc7170bis-04.txt Pages : 95 Date: 2023-03-06 Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170. The IETF datatracker status page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-04.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-04 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-13.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-13.txt Pages : 23 Date: 2023-02-16 Abstract: EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190. Many other EAP types also depend on TLS, such as EAP-FAST (RFC 4851), EAP-TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-13 A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-tls-eap-types-13 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-12.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-12.txt Pages : 22 Date: 2023-02-15 Abstract: EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190. Many other EAP types also depend on TLS, such as EAP-FAST (RFC 4851), EAP-TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-12 A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-tls-eap-types-12 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-bootstrapped-tls-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Bootstrapped TLS Authentication with Proof of Knowledge (TLS-POK) Authors : Owen Friel Dan Harkins Filename: draft-ietf-emu-bootstrapped-tls-02.txt Pages : 12 Date: 2023-02-10 Abstract: This document defines a mechanism that enables a bootstrapping device to establish trust and mutually authenticate against a network. Bootstrapping devices have a public private key pair, and this mechanism enables a network server to prove to the device that it knows the public key, and the device to prove to the server that it knows the private key. The mechanism leverages existing DPP and TLS standards and can be used in an EAP exchange. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-bootstrapped-tls/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-bootstrapped-tls-02 A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-bootstrapped-tls-02 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-11.txt Pages : 22 Date: 2023-01-27 Abstract: EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190. Many other EAP types also depend on TLS, such as EAP-FAST (RFC 4851), EAP-TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-11 A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-tls-eap-types-11 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-aka-pfs-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS) Authors : Jari Arkko Karl Norrman Vesa Torvinen John Preuß Mattsson Filename: draft-ietf-emu-aka-pfs-10.txt Pages : 32 Date: 2023-01-26 Abstract: Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising the smart card supply chain, such as attacking SIM card manufacturers and operators in an effort to compromise shared secrets stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have gained much scrutiny and have improved. However, the danger of resourceful attackers for these systems is still a concern. Always assuming breach such as key compromise and minimizing the impact of breach are essential zero-trust principles. This specification updates RFC 9048, the improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA'), with an optional extension. Similarly, this specification also updates the earlier version of the EAP-AKA' specification in RFC 5448. The extension, when negotiated, provides Forward Secrecy for the session key generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term pre-shared secret in a Subscriber Identity Module (SIM) card from being able to decrypt any past communications. In addition, if the attacker stays merely a passive eavesdropper, the extension prevents attacks against future sessions. This forces attackers to use active attacks instead. 
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-10 A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-aka-pfs-10 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc7170bis-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Tunnel Extensible Authentication Protocol (TEAP) Version 1 Authors : Alan DeKok Hao Zhou Joseph Salowey Nancy Cam-Winget Stephen Hanna Filename: draft-ietf-emu-rfc7170bis-03.txt Pages : 94 Date: 2023-01-24 Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-03.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-03 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-aka-pfs-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS) Authors : Jari Arkko Karl Norrman Vesa Torvinen John Preuß Mattsson Filename: draft-ietf-emu-aka-pfs-09.txt Pages : 32 Date: 2023-01-21 Abstract: Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising the smart card supply chain, such as attacking SIM card manufacturers and operators in an effort to compromise shared secrets stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have gained much scrutiny and have improved. However, the danger of resourceful attackers for these systems is still a concern. Always assuming breach such as key compromise and minimizing the impact of breach are essential zero-trust principles. This specification updates RFC 9048, the EAP-AKA' authentication method, with an optional extension. Similarly, this specification also updates the earlier version of the EAP-AKA' specification in RFC 5448. The extension, when negotiated, provides Forward Secrecy for the session key generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term pre-shared secret in a SIM card from being able to decrypt any past communications. In addition, if the attacker stays merely a passive eavesdropper, the extension prevents attacks against future sessions. This forces attackers to use active attacks instead.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-09 A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-aka-pfs-09 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-10.txt Pages : 22 Date: 2023-01-13 Abstract: EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190. Many other EAP types also depend on TLS, such as EAP-FAST (RFC 4851), EAP-TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-10 A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-tls-eap-types-10 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc7170bis-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Tunnel Extensible Authentication Protocol (TEAP) Version 1 Authors : Alan DeKok Hao Zhou Joseph Salowey Nancy Cam-Winget Stephen Hanna Filename: draft-ietf-emu-rfc7170bis-02.txt Pages : 101 Date: 2023-01-05 Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document obsoletes RFC 7170. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-02.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-02 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc7170bis-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Tunnel Extensible Authentication Protocol (TEAP) Version 1 Authors : Alan DeKok Hao Zhou Joseph Salowey Nancy Cam-Winget Stephen Hanna Filename: draft-ietf-emu-rfc7170bis-01.txt Pages : 98 Date: 2022-12-28 Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document replaces RFC 7170. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-01.html A diff from the previous version is available at: https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-rfc7170bis-01 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc7170bis-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Tunnel Extensible Authentication Protocol (TEAP) Version 1 Authors : Alan DeKok Hao Zhou Joseph Salowey Nancy Cam-Winget Stephen Hanna Filename: draft-ietf-emu-rfc7170bis-00.txt Pages : 98 Date: 2022-12-28 Abstract: This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server. This document replaces RFC 7170. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-rfc7170bis-00.html Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-bootstrapped-tls-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Bootstrapped TLS Authentication Authors : Owen Friel Dan Harkins Filename: draft-ietf-emu-bootstrapped-tls-01.txt Pages : 12 Date: 2022-10-24 Abstract: This document defines a mechanism that enables a bootstrapping device to establish trust and mutually authenticate against a network. Bootstrapping devices have a public private key pair, and this mechanism enables a network server to prove to the device that it knows the public key, and the device to prove to the server that it knows the private key. The mechanism leverages existing DPP and TLS standards and can be used in an EAP exchange. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-bootstrapped-tls/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-bootstrapped-tls-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-bootstrapped-tls-01 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-aka-pfs-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS) Authors : Jari Arkko Karl Norrman Vesa Torvinen John Preuß Mattsson Filename: draft-ietf-emu-aka-pfs-08.txt Pages : 31 Date: 2022-10-23 Abstract: Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising the smart card supply chain, such as attacking SIM card manufacturers and operators in an effort to compromise shared secrets stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have gained much scrutiny and have improved. However, the danger of resourceful attackers for these systems is still a concern. Always assuming breach such as key compromise and minimizing the impact of breach are essential zero-trust principles. This specification updates RFC 9048, the EAP-AKA' authentication method, with an optional extension. Similarly, this specification also updates the earlier version of the EAP-AKA' specification in RFC 5448. The extension, when negotiated, provides Forward Secrecy for the session key generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term pre-shared secret in a SIM card from being able to decrypt any past communications. In addition, if the attacker stays merely a passive eavesdropper, the extension prevents attacks against future sessions. This forces attackers to use active attacks instead.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/ There is also an HTML version available at: https://www.ietf.org/archive/id/draft-ietf-emu-aka-pfs-08.html A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-aka-pfs-08 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-bootstrapped-tls-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Bootstrapped TLS Authentication Authors : Owen Friel Dan Harkins Filename: draft-ietf-emu-bootstrapped-tls-00.txt Pages : 12 Date: 2022-10-10 Abstract: This document defines a mechanism that enables a bootstrapping device to establish trust and mutually authenticate against a network. Bootstrapping devices have a public private key pair, and this mechanism enables a network server to prove to the device that it knows the public key, and the device to prove to the server that it knows the private key. The mechanism leverages existing DPP and TLS standards and can be used in an EAP exchange. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-bootstrapped-tls/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-bootstrapped-tls-00 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-09.txt Pages : 21 Date: 2022-09-27 Abstract: EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190. Many other EAP types also depend on TLS, such as EAP-FAST (RFC 4851), EAP-TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-09 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-tls-eap-types-09 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-08.txt Pages : 21 Date: 2022-09-21 Abstract: EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190. Many other EAP types also depend on TLS, such as EAP-FAST (RFC 4851), EAP-TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-tls-eap-types-08 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-aka-pfs-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS) Authors : Jari Arkko Karl Norrman Vesa Torvinen John Mattsson Filename: draft-ietf-emu-aka-pfs-07.txt Pages : 28 Date: 2022-07-11 Abstract: Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising the smart card supply chain, such as attacking SIM card manufacturers and operators in an effort to compromise shared secrets stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have gained much scrutiny and have improved. However, the danger of resourceful attackers for these systems is still a concern. Always assuming breach such as key compromise and minimizing the impact of breach are essential zero-trust principles. This specification is an optional extension to the EAP-AKA' authentication method which was defined in [RFC9048]. The extension, when negotiated, provides Forward Secrecy for the session key generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term pre-shared secret in a SIM card from being able to decrypt any past communications. In addition, if the attacker stays merely a passive eavesdropper, the extension prevents attacks against future sessions. This forces attackers to use active attacks instead.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-aka-pfs-07 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-07.txt Pages : 20 Date: 2022-07-05 Abstract: EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190. Many other EAP types also depend on TLS, such as EAP-FAST (RFC 4851), EAP-TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-tls-eap-types-07 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-06.txt Pages : 20 Date: 2022-05-25 Abstract: EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190. Many other EAP types also depend on TLS, such as FAST (RFC 4851), TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-tls-eap-types-06 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-aka-pfs-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS) Authors : Jari Arkko Karl Norrman Vesa Torvinen Filename: draft-ietf-emu-aka-pfs-06.txt Pages : 26 Date: 2022-03-07 Abstract: Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising smart cards, such as attacking SIM card manufacturers and operators in an effort to compromise shared secrets stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have gained much scrutiny and have improved. However, the danger of resourceful attackers for these systems is still a concern. This specification is an optional extension to the EAP-AKA' authentication method which was defined in [RFC9048]. The extension, when negotiated, provides Forward Secrecy for the session key generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term pre-shared secret in a SIM card from being able to decrypt any past communications. In addition, if the attacker stays merely a passive eavesdropper, the extension prevents attacks against future sessions. This forces attackers to use active attacks instead. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-aka-pfs-06 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-05.txt Pages : 19 Date: 2022-03-05 Abstract: EAP-TLS (RFC 5216) has been updated for TLS 1.3 in RFC 9190. Many other EAP types also depend on TLS, such as FAST (RFC 4851), TTLS (RFC 5281), TEAP (RFC 7170), and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-tls-eap-types-05 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-04.txt Pages : 18 Date: 2022-01-21 Abstract: EAP-TLS [RFC5216] is being updated for TLS 1.3 in [EAPTLS]. Many other EAP [RFC3748] and [RFC5247] types also depend on TLS, such as FAST [RFC4851], TTLS [RFC5281], TEAP [RFC7170], and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-tls-eap-types-04 Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-21.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3) Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-21.txt Pages : 36 Date: 2021-10-20 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-Transport Layer Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security and privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking, when compared to EAP-TLS with earlier versions of TLS. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-21 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-21 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-20.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3) Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-20.txt Pages : 36 Date: 2021-09-03 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-Transport Layer Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-20 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-20 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-noob-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Nimble out-of-band authentication for EAP (EAP-NOOB) Authors : Tuomas Aura Mohit Sethi Aleksi Peltonen Filename: draft-ietf-emu-eap-noob-06.txt Pages : 68 Date: 2021-09-03 Abstract: The Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication, and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB message between the peer device and authentication server to authenticate the in-band key exchange. The device must have a non-network input or output interface, such as a display, microphone, speaker, or blinking light, which can send or receive dynamically generated messages of tens of bytes in length. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-noob-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-noob-06 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-19.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3) Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-19.txt Pages : 37 Date: 2021-08-03 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-Transport Layer Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-19 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-19 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-noob-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Nimble out-of-band authentication for EAP (EAP-NOOB) Authors : Tuomas Aura Mohit Sethi Aleksi Peltonen Filename: draft-ietf-emu-eap-noob-05.txt Pages : 73 Date: 2021-07-12 Abstract: The Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication, and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB message between the peer device and authentication server to authenticate the in-band key exchange. The device must have a non-network input or output interface, such as a display, microphone, speaker, or blinking light, which can send or receive dynamically generated messages of tens of bytes in length. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-noob-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-noob-05 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-18.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3) Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-18.txt Pages : 35 Date: 2021-07-09 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-Transport Layer Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-18 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-18 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-17.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3) Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-17.txt Pages : 35 Date: 2021-06-26 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-Transport Layer Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-17 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-17 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-03.txt Pages : 15 Date: 2021-06-22 Abstract: EAP-TLS [RFC5216] is being updated for TLS 1.3 in [EAPTLS]. Many other EAP [RFC3748] and [RFC5247] types also depend on TLS, such as FAST [RFC4851], TTLS [RFC5281], TEAP [RFC7170], and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-tls-eap-types-03 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-16.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3) Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-16.txt Pages : 35 Date: 2021-06-11 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-Transport Layer Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking. This document also provides guidance on authorization and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There is also an htmlized version available at: https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-16 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-16 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc5448bis-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA') Authors : Jari Arkko Vesa Lehtovirta Vesa Torvinen Pasi Eronen Filename: draft-ietf-emu-rfc5448bis-10.txt Pages : 51 Date: 2021-05-10 Abstract: The 3GPP Mobile Network Authentication and Key Agreement (AKA) is an authentication mechanism for devices wishing to access mobile networks. RFC 4187 (EAP-AKA) made the use of this mechanism possible within the Extensible Authentication Protocol (EAP) framework. RFC 5448 (EAP-AKA') was an improved version of EAP-AKA. This document is the most recent specification of EAP-AKA', including, for instance, details and references about related to operating EAP-AKA' in 5G networks. EAP-AKA' differs from EAP-AKA by providing a key derivation function that binds the keys derived within the method to the name of the access network. The key derivation function has been defined in the 3rd Generation Partnership Project (3GPP). EAP-AKA' allows its use in EAP in an interoperable manner. EAP-AKA' also updates the algorithm used in hash functions, as it employs SHA-256 / HMAC-SHA-256 instead of SHA-1 / HMAC-SHA-1 as in EAP-AKA. This version of EAP-AKA' specification specifies the protocol behaviour for both 4G and 5G deployments, whereas the previous version only did this for 4G.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc5448bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-rfc5448bis-10 https://datatracker.ietf.org/doc/html/draft-ietf-emu-rfc5448bis-10 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-rfc5448bis-10 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-15.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-15.txt Pages : 33 Date: 2021-05-04 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-Transport Layer Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking. This document also provides guidance on authorization and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-15 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-15 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-15 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-noob-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Nimble out-of-band authentication for EAP (EAP-NOOB) Authors : Tuomas Aura Mohit Sethi Aleksi Peltonen Filename: draft-ietf-emu-eap-noob-04.txt Pages : 70 Date: 2021-03-16 Abstract: The Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB message between the peer device and authentication server to authenticate the in-band key exchange. The device must have an input or output interface, such as a display, microphone, speaker or blinking light, which can send or receive dynamically generated messages of tens of bytes in length. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-noob-04 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-noob-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-noob-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-02.txt Pages : 14 Date: 2021-02-21 Abstract: EAP-TLS [RFC5216] is being updated for TLS 1.3 in [EAPTLS]. Many other EAP [RFC3748] and [RFC5247] types also depend on TLS, such as FAST [RFC4851], TTLS [RFC5281], TEAP [RFC7170], and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-tls-eap-types-02 https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-tls-eap-types-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-14.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-14.txt Pages : 32 Date: 2021-02-02 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-Transport Layer Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking. This document also provides guidance on authorization and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-14 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-14 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-14 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc5448bis-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA') Authors : Jari Arkko Vesa Lehtovirta Vesa Torvinen Pasi Eronen Filename: draft-ietf-emu-rfc5448bis-09.txt Pages : 50 Date: 2021-01-11 Abstract: The 3GPP Mobile Network Authentication and Key Agreement (AKA) is an authentication mechanism for devices wishing to access mobile networks. RFC 4187 (EAP-AKA) made the use of this mechanism possible within the Extensible Authentication Protocol (EAP) framework. RFC 5448 (EAP-AKA') was an improved version of EAP-AKA. This memo is the most recent specification of EAP-AKA', including, for instance, details and references about related to operating EAP-AKA' in 5G networks. EAP-AKA' differs from EAP-AKA by providing a key derivation function that binds the keys derived within the method to the name of the access network. The key derivation function has been defined in the 3rd Generation Partnership Project (3GPP). EAP-AKA' allows its use in EAP in an interoperable manner. EAP-AKA' also updates the algorithm used in hash functions, as it employs SHA-256 / HMAC-SHA-256 instead of SHA-1 / HMAC-SHA-1 as in EAP-AKA. This version of EAP-AKA' specification specifies the protocol behaviour for both 4G and 5G deployments, whereas the previous version only did this for 4G.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc5448bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-rfc5448bis-09 https://datatracker.ietf.org/doc/html/draft-ietf-emu-rfc5448bis-09 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-rfc5448bis-09 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-noob-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Nimble out-of-band authentication for EAP (EAP-NOOB) Authors : Tuomas Aura Mohit Sethi Aleksi Peltonen Filename: draft-ietf-emu-eap-noob-03.txt Pages : 67 Date: 2020-12-13 Abstract: The Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB message between the peer device and authentication server to authenticate the in-band key exchange. The device must have an input or output interface, such as a display, microphone, speaker or blinking light, which can send or receive dynamically generated messages of tens of bytes in length. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-noob-03 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-noob-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-noob-03 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eaptlscert-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Handling Large Certificates and Long Certificate Chains in TLS-based EAP Methods Authors : Mohit Sethi John Mattsson Sean Turner Filename: draft-ietf-emu-eaptlscert-08.txt Pages : 14 Date: 2020-11-20 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC3748, provides a standard mechanism for support of multiple authentication methods. EAP-Transport Layer Security (EAP-TLS) and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round-trips is a major deployment problem. This document looks at this problem in detail and describes the potential solutions available. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eaptlscert/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eaptlscert-08 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-08 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-13.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-13.txt Pages : 30 Date: 2020-11-19 Abstract: This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 further improves security and privacy by mandating use of privacy and revocation checking. This document also provides guidance on authorization and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-13 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-13 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-13 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eaptlscert-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Handling Large Certificates and Long Certificate Chains in TLS-based EAP Methods Authors : Mohit Sethi John Mattsson Sean Turner Filename: draft-ietf-emu-eaptlscert-07.txt Pages : 14 Date: 2020-11-19 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC3748, provides a standard mechanism for support of multiple authentication methods. EAP-Transport Layer Security (EAP-TLS) and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round-trips is a major deployment problem. This document looks at this problem in detail and describes the potential solutions available. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eaptlscert/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eaptlscert-07 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-07 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-12.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-12.txt Pages : 30 Date: 2020-11-02 Abstract: This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 further improves security and privacy by mandating use of privacy and revocation checking. This document also provides guidance on authorization and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-12 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-12 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-12 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-rfc5448bis-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA') Authors : Jari Arkko Vesa Lehtovirta Vesa Torvinen Pasi Eronen Filename: draft-ietf-emu-rfc5448bis-08.txt Pages : 49 Date: 2020-10-30 Abstract: The 3GPP Mobile Network Authentication and Key Agreement (AKA) is the primary authentication mechanism for devices wishing to access mobile networks. RFC 4187 (EAP-AKA) made the use of this mechanism possible within the Extensible Authentication Protocol (EAP) framework. RFC 5448 (EAP-AKA') was an improved version of EAP-AKA. This memo replaces the specification of EAP-AKA'. EAP-AKA' was defined in RFC 5448 and updated EAP-AKA RFC 4187. As such this document obsoletes RFC 5448 and updates RFC 4187. EAP-AKA' differs from EAP-AKA by providing a key derivation function that binds the keys derived within the method to the name of the access network. The key derivation function has been defined in the 3rd Generation Partnership Project (3GPP). EAP-AKA' allows its use in EAP in an interoperable manner. EAP-AKA' also updates the algorithm used in hash functions, as it employs SHA-256 / HMAC-SHA-256 instead of SHA-1 / HMAC-SHA-1 as in EAP-AKA. This version of EAP-AKA' specification specifies the protocol behaviour for both 4G and 5G deployments, whereas the previous version only did this for 4G.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc5448bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-rfc5448bis-08 https://datatracker.ietf.org/doc/html/draft-ietf-emu-rfc5448bis-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-rfc5448bis-08 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-aka-pfs-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Perfect-Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' PFS) Authors : Jari Arkko Karl Norrman Vesa Torvinen Filename: draft-ietf-emu-aka-pfs-05.txt Pages : 26 Date: 2020-10-30 Abstract: Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising smart cards, such as attacking SIM card manufacturers and operators in an effort to compromise shared secrets stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have gained much scrutiny and have improved. However, the danger of resourceful attackers for these systems is still a concern. This specification is an optional extension to the EAP-AKA' authentication method which was defined in [I-D.ietf-emu-rfc5448bis]. The extension, when negotiated, provides Perfect Forward Secrecy for the session key generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term pre-shared secret in a SIM card from being able to decrypt any past communications. In addition, if the attacker stays merely a passive eavesdropper, the extension prevents attacks against future sessions. This forces attackers to use active attacks instead.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-aka-pfs-05 https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-aka-pfs-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eaptlscert-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Handling Large Certificates and Long Certificate Chains in TLS-based EAP Methods Authors : Mohit Sethi John Mattsson Sean Turner Filename: draft-ietf-emu-eaptlscert-06.txt Pages : 14 Date: 2020-10-28 Abstract: The Extensible Authentication Protocol (EAP), defined in RFC3748, provides a standard mechanism for support of multiple authentication methods. EAP-Transport Layer Security (EAP-TLS) and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round-trips is a major deployment problem. This document looks at this problem in detail and describes the potential solutions available. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eaptlscert/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eaptlscert-06 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-06 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-11.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-11.txt Pages : 30 Date: 2020-10-14 Abstract: This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 further improves security and privacy by mandating use of privacy and revocation checking. This document also provides guidance on authorization and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-11 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-11 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-11 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-session-id-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : EAP Session-Id Derivation for EAP-SIM, EAP-AKA, and PEAP Author : Alan DeKok Filename: draft-ietf-emu-eap-session-id-07.txt Pages : 9 Date: 2020-09-03 Abstract: RFC 5247 is updated to define and clarify EAP Session-Id derivation for multiple EAP methods. The derivation of Session-Id was not given for EAP-SIM or EAP-AKA when using the fast reconnect exchange instead of full authentication. The derivation of Session-Id for full authentication is clarified for both EAP-SIM and EAP-AKA. The derivation of Session-Id for PEAP is also given. The definition for PEAP follows the definition for other TLS-based EAP methods. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-session-id/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-session-id-07 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-session-id-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-session-id-07 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-01.txt Pages : 12 Date: 2020-07-29 Abstract: EAP-TLS [RFC5216] is being updated for TLS 1.3 in [EAPTLS]. Many other EAP [RFC3748] and [RFC5247] types also depend on TLS, such as FAST [RFC4851], TTLS [RFC5281], TEAP [RFC7170], and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-tls-eap-types-01 https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-tls-eap-types-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-session-id-06.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : EAP Session-Id Derivation for EAP-SIM, EAP-AKA, and PEAP Author : Alan DeKok Filename: draft-ietf-emu-eap-session-id-06.txt Pages : 9 Date: 2020-07-29 Abstract: RFC 5247 is updated to define and clarify EAP Session-Id derivation for multiple EAP methods. The derivation of Session-Id was not given for EAP-SIM or EAP-AKA when using the fast reconnect exchange instead of full authentication. The derivation of Session-Id for full authentication is clarified for both EAP-SIM and EAP-AKA. The derivation of Session-Id for PEAP is also given. The definition for PEAP follows the definition for other TLS-based EAP methods. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-session-id/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-session-id-06 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-session-id-06 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-session-id-06 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-session-id-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : EAP Session-Id Derivation for EAP-SIM, EAP-AKA, and PEAP Author : Alan DeKok Filename: draft-ietf-emu-eap-session-id-05.txt Pages : 9 Date: 2020-07-27 Abstract: RFC 5247 is updated to define and clarify EAP Session-Id derivation for multiple EAP methods. The derivation of Session-Id was not given for EAP-SIM or EAP-AKA when using the fast reconnect exchange instead of full authentication. The derivation of Session-Id for full authentication is clarified for both EAP-SIM and EAP-AKA. The derivation of Session-Id for PEAP is also given. The definition for PEAP follows the definition for other TLS-based EAP methods. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-session-id/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-session-id-05 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-session-id-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-session-id-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-noob-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Nimble out-of-band authentication for EAP (EAP-NOOB) Authors : Tuomas Aura Mohit Sethi Filename: draft-ietf-emu-eap-noob-02.txt Pages : 66 Date: 2020-07-12 Abstract: The Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB message between the peer device and authentication server to authenticate the in-band key exchange. The device must have an input or output interface, such as a display, microphone, speakers or blinking light, which can send or receive dynamically generated messages of tens of bytes in length. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-noob-02 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-noob-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-noob-02 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eaptlscert-05.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Handling Large Certificates and Long Certificate Chains in TLS-based EAP Methods Authors : Mohit Sethi John Mattsson Sean Turner Filename: draft-ietf-emu-eaptlscert-05.txt Pages : 14 Date: 2020-06-15 Abstract: EAP-TLS and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round-trips is a major deployment problem. This document looks at this problem in detail and describes the potential solutions available. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eaptlscert/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eaptlscert-05 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert-05 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eaptlscert-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Handling Large Certificates and Long Certificate Chains in TLS-based EAP Methods Authors : Mohit Sethi John Mattsson Sean Turner Filename: draft-ietf-emu-eaptlscert-04.txt Pages : 13 Date: 2020-06-08 Abstract: EAP-TLS and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round-trips is a major deployment problem. This document looks at this problem in detail and describes the potential solutions available. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eaptlscert/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eaptlscert-04 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-04 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-tls13-10.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-10.txt Pages : 30 Date: 2020-06-07 Abstract: This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 further improves security and privacy by mandating use of privacy and revocation checking. This document also provides guidance on authorization and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-10 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-10 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-10 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] I-D Action: draft-ietf-emu-eap-noob-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Nimble out-of-band authentication for EAP (EAP-NOOB) Authors : Tuomas Aura Mohit Sethi Filename: draft-ietf-emu-eap-noob-01.txt Pages : 63 Date: 2020-06-01 Abstract: Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB message between the peer device and authentication server to authenticate the in-band key exchange. The device must have an input or output interface, such as a display, microphone, speakers or blinking light, which can send or receive dynamically generated messages of tens of bytes in length. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-noob-01 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-noob-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-noob-01
[Emu] I-D Action: draft-ietf-emu-eap-session-id-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : EAP Session-Id Derivation for EAP-SIM, EAP-AKA, and PEAP Author : Alan DeKok Filename: draft-ietf-emu-eap-session-id-04.txt Pages : 9 Date: 2020-05-27 Abstract: EAP Session-Id derivation has not been defined for EAP-SIM or EAP-AKA when using the fast re-authentication exchange instead of full authentication. This document updates RFC 5247 to define those derivations for EAP-SIM and EAP-AKA. RFC 5247 also does not define Session-Id derivation for PEAP. A definition is given here which follows the definition for other TLS-based EAP methods. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-session-id/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-session-id-04 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-session-id-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-session-id-04
[Emu] I-D Action: draft-ietf-emu-aka-pfs-04.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Perfect-Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' PFS) Authors : Jari Arkko Karl Norrman Vesa Torvinen Filename: draft-ietf-emu-aka-pfs-04.txt Pages : 26 Date: 2020-05-25 Abstract: Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising smart cards, such as attacking SIM card manufacturers and operators in an effort to compromise shared secrets stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have gained much scrutiny and have improved. However, the danger of resourceful attackers for these systems is still a concern. This specification is an optional extension to the EAP-AKA' authentication method which was defined in [I-D.ietf-emu-rfc5448bis]. The extension, when negotiated, provides Perfect Forward Secrecy for the session key generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term pre-shared secret in a SIM card from being able to decrypt any past communications. In addition, if the attacker stays merely a passive eavesdropper, the extension prevents attacks against future sessions. This forces attackers to use active attacks instead.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-aka-pfs-04 https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-04 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-aka-pfs-04
[Emu] I-D Action: draft-ietf-emu-aka-pfs-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Perfect-Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' PFS) Authors : Jari Arkko Karl Norrman Vesa Torvinen Filename: draft-ietf-emu-aka-pfs-03.txt Pages : 26 Date: 2020-05-22 Abstract: Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising smart cards, such as attacking SIM card manufacturers and operators in an effort to compromise shared secrets stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have gained much scrutiny and have improved. However, the danger of resourceful attackers for these systems is still a concern. This specification is an optional extension to the EAP-AKA' authentication method which was defined in [I-D.ietf-emu-rfc5448bis]. The extension, when negotiated, provides Perfect Forward Secrecy for the session key generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term pre-shared secret in a SIM card from being able to decrypt any past communications. In addition, if the attacker stays merely a passive eavesdropper, the extension prevents attacks against future sessions. This forces attackers to use active attacks instead.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-aka-pfs-03 https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-aka-pfs-03
[Emu] I-D Action: draft-ietf-emu-tls-eap-types-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : TLS-based EAP types and TLS 1.3 Author : Alan DeKok Filename: draft-ietf-emu-tls-eap-types-00.txt Pages : 10 Date: 2020-05-14 Abstract: EAP-TLS [RFC5216] is being updated for TLS 1.3 in [EAPTLS]. Many other EAP [RFC3748] and [RFC5247] types also depend on TLS, such as FAST [RFC4851], TTLS [RFC5281], TEAP [RFC7170], and possibly many vendor specific EAP methods. This document updates those methods in order to use the new key derivation methods available in TLS 1.3. Additional changes necessitated by TLS 1.3 are also discussed. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-tls-eap-types/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-tls-eap-types-00 https://datatracker.ietf.org/doc/html/draft-ietf-emu-tls-eap-types-00
[Emu] I-D Action: draft-ietf-emu-eap-session-id-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : EAP Session-Id Derivation for EAP-SIM, EAP-AKA, and PEAP Author : Alan DeKok Filename: draft-ietf-emu-eap-session-id-03.txt Pages : 9 Date: 2020-05-14 Abstract: EAP Session-Id derivation has not been defined for EAP-SIM or EAP-AKA when using the fast re-authentication exchange instead of full authentication. This document updates RFC 5247 to define those derivations for EAP-SIM and EAP-AKA. RFC 5247 also does not define Session-Id derivation for PEAP. A definition is given here which follows the definition for other TLS-based EAP methods. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-session-id/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-session-id-03 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-session-id-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-session-id-03
[Emu] I-D Action: draft-ietf-emu-eaptlscert-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Handling Large Certificates and Long Certificate Chains in TLS-based EAP Methods Authors : Mohit Sethi John Mattsson Sean Turner Filename: draft-ietf-emu-eaptlscert-03.txt Pages : 12 Date: 2020-05-09 Abstract: EAP-TLS and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round-trips is a major deployment problem. This document looks at this problem in detail and describes the potential solutions available. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eaptlscert/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eaptlscert-03 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-03
[Emu] I-D Action: draft-ietf-emu-eap-noob-00.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Nimble out-of-band authentication for EAP (EAP-NOOB) Authors : Tuomas Aura Mohit Sethi Filename: draft-ietf-emu-eap-noob-00.txt Pages : 62 Date: 2020-05-05 Abstract: Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB message between the peer device and authentication server to authenticate the in-band key exchange. The device must have an input or output interface, such as a display, microphone, speakers or blinking light, which can send or receive dynamically generated messages of tens of bytes in length. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-noob-00 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-noob-00
[Emu] I-D Action: draft-ietf-emu-eaptlscert-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Handling Large Certificates and Long Certificate Chains in TLS-based EAP Methods Authors : Mohit Sethi John Mattsson Sean Turner Filename: draft-ietf-emu-eaptlscert-02.txt Pages : 12 Date: 2020-03-16 Abstract: EAP-TLS and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round-trips is a major deployment problem. This memo looks at this problem in detail and describes the potential solutions available. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eaptlscert/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eaptlscert-02 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-02
[Emu] I-D Action: draft-ietf-emu-rfc5448bis-07.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA') Authors : Jari Arkko Vesa Lehtovirta Vesa Torvinen Pasi Eronen Filename: draft-ietf-emu-rfc5448bis-07.txt Pages : 50 Date: 2020-03-09 Abstract: The 3GPP Mobile Network Authentication and Key Agreement (AKA) is the primary authentication mechanism for devices wishing to access mobile networks. RFC 4187 (EAP-AKA) made the use of this mechanism possible within the Extensible Authentication Protocol (EAP) framework. RFC 5448 (EAP-AKA') was an improved version of EAP-AKA. This memo replaces the specification of EAP-AKA'. EAP-AKA' was defined in RFC 5448 and updated EAP-AKA RFC 4187. As such this document obsoletes RFC 5448 and updates RFC 4187. EAP-AKA' differs from EAP-AKA by providing a key derivation function that binds the keys derived within the method to the name of the access network. The key derivation function has been defined in the 3rd Generation Partnership Project (3GPP). EAP-AKA' allows its use in EAP in an interoperable manner. EAP-AKA' also updates the algorithm used in hash functions, as it employs SHA-256 / HMAC-SHA-256 instead of SHA-1 / HMAC-SHA-1 as in EAP-AKA. This version of EAP-AKA' specification specifies the protocol behaviour for both 4G and 5G deployments, whereas the previous version only did this for 4G.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-rfc5448bis/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-rfc5448bis-07 https://datatracker.ietf.org/doc/html/draft-ietf-emu-rfc5448bis-07 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-rfc5448bis-07
[Emu] I-D Action: draft-ietf-emu-eap-tls13-09.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-09.txt Pages : 29 Date: 2020-03-09 Abstract: This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 further improves security and privacy by mandating use of privacy and revocation checking. This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-09 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-09 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-09
[Emu] I-D Action: draft-ietf-emu-eaptlscert-01.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Handling Large Certificates and Long Certificate Chains in TLS-based EAP Methods Authors : Mohit Sethi John Mattsson Sean Turner Filename: draft-ietf-emu-eaptlscert-01.txt Pages : 12 Date: 2020-03-05 Abstract: EAP-TLS and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round-trips is a major deployment problem. This memo looks at this problem in detail and describes the potential solutions available. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eaptlscert/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eaptlscert-01 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eaptlscert-01
[Emu] I-D Action: draft-ietf-emu-eap-session-id-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : EAP Session-Id Derivation for EAP-SIM, EAP-AKA, and PEAP Author : Alan DeKok Filename: draft-ietf-emu-eap-session-id-02.txt Pages : 9 Date: 2020-01-07 Abstract: EAP Session-Id derivation has not been defined for EAP-SIM or EAP-AKA when using the fast re-authentication exchange instead of full authentication. This document updates RFC 5247 to define those derivations for EAP-SIM and EAP-AKA. RFC 5247 also does not define Session-Id derivation for PEAP. A definition is given here which follows the definition for other TLS-based EAP methods. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-session-id/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-session-id-02 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-session-id-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-session-id-02
[Emu] I-D Action: draft-ietf-emu-eap-tls13-08.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Using EAP-TLS with TLS 1.3 Authors : John Preuß Mattsson Mohit Sethi Filename: draft-ietf-emu-eap-tls13-08.txt Pages : 29 Date: 2019-12-27 Abstract: This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 further improves security and privacy by mandating use of privacy and revocation checking. This document updates RFC 5216. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-eap-tls13-08 https://datatracker.ietf.org/doc/html/draft-ietf-emu-eap-tls13-08 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-eap-tls13-08
[Emu] I-D Action: draft-ietf-emu-aka-pfs-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the EAP Method Update WG of the IETF. Title : Perfect-Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' PFS) Authors : Jari Arkko Karl Norrman Vesa Torvinen Filename: draft-ietf-emu-aka-pfs-02.txt Pages : 26 Date: 2019-11-17 Abstract: Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising smart cards, such as attacking SIM card manufacturers and operators in an effort to compromise shared secrets stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have gained much scrutiny and have improved. However, the danger of resourceful attackers for these systems is still a concern. This specification is an optional extension to the EAP-AKA' authentication method which was defined in [I-D.ietf-emu-rfc5448bis]. The extension, when negotiated, provides Perfect Forward Secrecy for the session key generated as a part of the authentication run in EAP-AKA'. This prevents an attacker who has gained access to the long-term pre-shared secret in a SIM card from being able to decrypt any past communications. In addition, if the attacker stays merely a passive eavesdropper, the extension prevents attacks against future sessions. This forces attackers to use active attacks instead.
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-emu-aka-pfs-02 https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-02 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-emu-aka-pfs-02