[Emu] I-D Action: draft-ietf-emu-aka-pfs-11.txt

Mon, 10 Jul 2023 12:37:44 -0700 

A New Internet-Draft is available from the on-line Internet-Drafts
directories. This Internet-Draft is a work item of the EAP Method Update (EMU)
WG of the IETF.

   Title           : Forward Secrecy for the Extensible Authentication Protocol 
Method for Authentication and Key Agreement (EAP-AKA' FS)
   Authors         : Jari Arkko
                     Karl Norrman
                     John Preuß Mattsson
   Filename        : draft-ietf-emu-aka-pfs-11.txt
   Pages           : 33
   Date            : 2023-07-10

Abstract:
   Many different attacks have been reported as part of revelations
   associated with pervasive surveillance.  Some of the reported attacks
   involved compromising the smart card supply chain, such as attacking
   Universal Subscriber Identity Module (USIM) card manufacturers and
   operators in an effort to compromise long-term keys stored on these
   cards.  Since the publication of those reports, manufacturing and
   provisioning processes have received much scrutiny and have improved.
   However, resourceful attackers are always a cause for concern.
   Always assuming a breach, such as long-term key compromise, and
   minimizing the impact of breach are essential zero trust principles.

   This document updates RFC 9048, the improved Extensible
   Authentication Protocol Method for 3GPP Mobile Network Authentication
   and Key Agreement (EAP-AKA'), with an optional extension providing
   ephemeral key exchange.  Similarly, this document also updates the
   earlier version of the EAP-AKA' specification in RFC 5448.  The
   extension EAP-AKA' Forward Secrecy (EAP-AKA' FS), when negotiated,
   provides forward secrecy for the session keys generated as a part of
   the authentication run in EAP-AKA'.  This prevents an attacker who
   has gained access to the long-term key from obtaining session keys
   established in the past, assuming these have been properly deleted.
   In addition, EAP-AKA' FS mitigates passive attacks (e.g., large scale
   pervasive monitoring) against future sessions.  This forces attackers
   to use active attacks instead.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-emu-aka-pfs/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-emu-aka-pfs-11

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-emu-aka-pfs-11

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Reply via email to