EAP Method Update BOF (emu)
xxxxxxxx, November x at xxxx-xxxx
=================================

CHAIRS:
Jari Arkko (jari.arkko@piuha.net)
Joe Salowey (jsalowey@cisco.com)

DESCRIPTION:

The Extensible Authentication Protocol (EAP), defined in RFC 3748, is a network access authentication framework used in PPP, 802.11, 802.16, VPNs, PANA, and in some functions of 3G networks. EAP itself is a simple protocol; the actual authentication happens in so-called EAP methods. Over 40 different EAP methods exist, including many undocumented and proprietary methods. Only a few methods are documented in RFCs, and of these, the methods listed in the original EAP RFC are no longer applicable in today's environments. For instance, none of the EAP methods that are applicable in a wireless environment are in Standards Track RFCs. This poses a problem for, among other things, the selection of a mandatory-to-implement EAP method in new network access technologies. Some methods have been defined in Internet Drafts, many of which have expired or have not been updated to reflect the true behavior of the protocols. The lack of documented, open specifications is a deployment and interoperability problem.

In addition, new requirements such as those posed by wireless environments create needs that are currently not well matched by existing methods. For instance, RFC 4017 documents IEEE 802.11 requirements for EAP methods. Currently, only a few EAP methods satisfy the mandatory requirements listed in that document, and no method satisfies all of its requirements. Some proposals for such methods exist, however.

Finally, there are authentication mechanism types that are not supported by existing RFCs. For instance, there is no widely applicable method that can authenticate using shared secrets in a wireless environment.
The purpose of this BoF is to continue the work started in the EAP WG and in the SECMECH BOF, in a manner focused on a few key EAP method needs. One immediate goal is to bring existing widely deployed EAP methods such as EAP-TLS (RFC 2716) to Proposed Standard with clarifications learned during deployment. Another goal is to standardize additional mechanisms to match the current requirements. The BoF should have an organized discussion of what specific needs the community sees as worthwhile pursuing, and discuss the specific technical solutions.

The potential work items of the group include:

1. Revision of EAP-TLS, to be placed on the standards track. The primary goal of this would be to bring the specification up to date, clarify unclear issues, etc. A standards track specification would also enable the consideration of EAP-TLS as a mandatory requirement in other Proposed Standard specifications. Note that there are limitations in current implementations which may need to be considered during this update. Similarly, the existing EAP-TLS specification may not accommodate all types of extensions in a backwards-compatible manner. For instance, there may be issues in adding channel binding support or the use of new TLS mechanisms such as TLS PSK when run against RFC 2716 compliant devices. These issues shall be investigated and clarified; the revised EAP-TLS must be backwards compatible with existing deployments.

2. Shared Secret - a pre-shared secret method. This is likely to be widely deployed if available, and is another likely candidate to be referred to by other Proposed Standard specifications. Desired by IEEE 802.11.

3. Password based - essentially a shared secret mechanism that provides resistance to dictionary attacks. It should support various backend password databases that use different storage techniques, and perhaps one-time tokens as well. Could use something related to EKE or a tunneling approach. Desired by IEEE 802.11, and would likely be widely deployed if available.

4. One time passwords - a secure one-time-password-based mechanism that can provide keying material.

5. Tunneling - a tunneling method is useful to protect weaker authentication mechanisms. Tunneling methods are also used to exchange other types of authentication data.

6. Channel binding support - it has been suggested that new methods should have the ability to authenticate identifiers claimed by NASes. But it has also been suggested that, for security reasons, backwards-compatible extensions to do this in a few commonly used current methods should be developed. Similarly, to retain EAP method and media independence, it may be necessary to have a coordinated approach or even binding data formats shared between different methods.

7. Enrollment mechanisms - methods to automatically enroll clients in wireless environments.

However, this list should not be taken as a proposal but rather as a template that can be used to determine community consensus on which of the items are worthwhile. It is certainly impossible to take on ALL of the above tasks, so a set of 3-4 priority tasks needs to be determined. There may also be IPR, complexity, or existing deployment concerns that make it undesirable to take on work for a specific item.

Although the GUAM work is not a subject of the current BOF, the group's charter may later be extended to cover the GUAM work discussed in the SECMECH BOF at IETF-63. This requires an explicit rechartering, however.

The creation of this group does not affect existing procedures for IANA allocation of EAP method type numbers, or the publication of individual submissions documenting EAP methods as RFCs.
AGENDA:

o Background and relation to past SECMECH BOF and EAP WG work (Sam Hartman, 5 min)
o EAP methods market situation (chairs, 5 min)
o EAP methods technical requirements (tbd, 10 min)
o Security AD's requirements for new methods (Russ Housley, 10 min)
o EAP methods, SDO requirements (Aboba, 10 min)
o EAP TLS issues and limitations (Aboba, 15 min)
o Shared secret methods (tbd, 15 min)
o Overview of other proposed methods (Eronen, 15 min)
o Channel binding approaches (Eronen, 15 min)
o Proposed charter (chairs, 15 min)
o Discussion (40 min)

READING LIST:

RFC 3748, Extensible Authentication Protocol (EAP). B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, H. Levkowetz, Ed. June 2004.
RFC 2716, PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October 1999.
RFC 4017, Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs. D. Stanley, J. Walker, B. Aboba. March 2005.
"EAP IKEv2 Method (EAP-IKEv2)", Hannes Tschofenig, 20-Jul-05.
"The EAP-PSK Protocol: a Pre-Shared Key EAP Method", Hannes Tschofenig, Florent Bersani, 10-Aug-05.
"EAP Flexible Authentication via Secure Tunneling (EAP-FAST)", Joseph Salowey, 25-Apr-05.
"EAP Password Authenticated Exchange", Charles Clancy, William Arbaugh, 6-Jun-05.
"The EAP-SKL protocol", Thomas Otto, 1-Aug-05.
"The Protected One-Time Password Protocol (EAP-POTP)", Magnus Nystrom, 5-Jul-05.
"Dynamic Provisioning using EAP-FAST", Nancy Cam-Winget, 19-Jul-05.
"Authenticated Service Information for the Extensible Authentication Protocol (EAP)", Jari Arkko, Pasi Eronen, 20-Jul-05.
"An Extensible Authentication Protocol (EAP) Enrollment Method", Rohan Mahy, 13-Jul-05.
"AAA-Key Derivation with Lower-Layer Parameter Binding", Mayumi Yanagiya, Yoshihiro Ohba, 1-Jul-05,