Pre-Shared Key EAP methods & EAP-PSK IETF 60 – San Diego, USA March 2004

Are there Pre-Shared Key EAP methods out there?
  • Standard:
      – MD5-Challenge [RFC 3748] - deprecated for security reasons
  • Individual submissions (work in progress):
      – EAP-FAST
      – EAP-SIM/AKA - designed for GSM/UMTS authentication infrastructure
      – EAP-PSK
      – EAP-PAX
      – EAP-TLS - when Pre-Shared Key support is added [I-D.ietf-tls-psk-00]
      – EAP-IKEv2
  • Individual submissions (work abandoned):
      – EAP-Archie
      – EAP-SKE

Developing high-quality standard EAP methods
  • Nobody is currently chartered to develop EAP methods at IETF, not even EAP WG
  • EAP without EAP method is like a pizza without toppings: useless!
  • There are however (very) good reasons to develop Pre-Shared Key EAP methods
      – They are the simplest ones: start with the easy tasks before moving on to more complicated ones!
      – They would provide insights on EAP: rather than adding features to EAP, we perhaps want to make sure that EAP works well!
      – They are needed in many usage scenarios
  • What do we want to do?

Tentative requirements for a Pre-Shared Key EAP method
  • Pre-Shared Key not Password - IPR issues with ZKPPs
  • Lightweight - use only symmetric cryptography
  • Standalone - why develop methods that accommodate various types of credentials: isn't it redundant with EAP?
  • Available quickly - people don't want to wait more
  • IPR free
  • Secure...

EAP-PSK status
  • EAP-PSK is a proposed solution to the community
  • Current status:
      – draft-bersani-eap-psk-03 published
      – Open source implementation available at: http://perso.rd.francetelecom.fr/bersani/

EAP-PSK next steps
  • Slight rework to include explicit session identifiers
      – draft-bersani-eap-psk-04 should be published by September 2004
  • And then, after security review by experts:
      – Go informational
      – Or will there be a standardization effort?
  • Release Open source implementations
      – On two different platforms
  • Develop extensions for EAP-PSK

Any feedback welcome!
Florent Bersani, France Telecom R&D
florent.bersani@francetelecom.com