http://stupid.domain.name/ietf/

One document matched: draft-nir-tls-eap-08.ps
%!PS-Adobe-3.0
%%Creator: groff version 1.19.2
%%CreationDate: Sun Jul 11 09:49:34 2010
%%DocumentNeededResources: font Times-Roman
%%+ font Courier
%%DocumentSuppliedResources: procset grops 1.19 2
%%Pages: 20 0
%%PageOrder: Ascend
%%DocumentMedia: Default 612 792 0 () ()
%%Orientation: Portrait
%%EndComments
%%BeginDefaults
%%PageMedia: Default
%%EndDefaults
%%BeginProlog
%%BeginProcSet: PStoPS 1 15
userdict begin
[/showpage/erasepage/copypage]{dup where{pop dup load
 type/operatortype eq{1 array cvx dup 0 3 index cvx put
 bind def}{pop}ifelse}{pop}ifelse}forall
[/letter/legal/executivepage/a4/a4small/b5/com10envelope
 /monarchenvelope/c5envelope/dlenvelope/lettersmall/note
 /folio/quarto/a5]{dup where{dup wcheck{exch{}put}
 {pop{}def}ifelse}{pop}ifelse}forall
/setpagedevice {pop}bind 1 index where{dup wcheck{3 1 roll put}
 {pop def}ifelse}{def}ifelse
/PStoPSmatrix matrix currentmatrix def
/PStoPSxform matrix def/PStoPSclip{clippath}def
/defaultmatrix{PStoPSmatrix exch PStoPSxform exch concatmatrix}bind def
/initmatrix{matrix defaultmatrix setmatrix}bind def
/initclip[{matrix currentmatrix PStoPSmatrix setmatrix
 [{currentpoint}stopped{$error/newerror false put{newpath}}
 {/newpath cvx 3 1 roll/moveto cvx 4 array astore cvx}ifelse]
 {[/newpath cvx{/moveto cvx}{/lineto cvx}
 {/curveto cvx}{/closepath cvx}pathforall]cvx exch pop}
 stopped{$error/errorname get/invalidaccess eq{cleartomark
 $error/newerror false put cvx exec}{stop}ifelse}if}bind aload pop
 /initclip dup load dup type dup/operatortype eq{pop exch pop}
 {dup/arraytype eq exch/packedarraytype eq or
  {dup xcheck{exch pop aload pop}{pop cvx}ifelse}
  {pop cvx}ifelse}ifelse
 {newpath PStoPSclip clip newpath exec setmatrix} bind aload pop]cvx def
/initgraphics{initmatrix newpath initclip 1 setlinewidth
 0 setlinecap 0 setlinejoin []0 setdash 0 setgray
 10 setmiterlimit}bind def
end
%%EndProcSet
%%BeginResource: procset grops 1.19 2
%!PS-Adobe-3.0 Resource-ProcSet
/setpacking where{
pop
currentpacking
true setpacking
}if
/grops 120 dict dup begin
/SC 32 def
/A/show load def
/B{0 SC 3 -1 roll widthshow}bind def
/C{0 exch ashow}bind def
/D{0 exch 0 SC 5 2 roll awidthshow}bind def
/E{0 rmoveto show}bind def
/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
/G{0 rmoveto 0 exch ashow}bind def
/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/I{0 exch rmoveto show}bind def
/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
/K{0 exch rmoveto 0 exch ashow}bind def
/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/M{rmoveto show}bind def
/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
/O{rmoveto 0 exch ashow}bind def
/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/Q{moveto show}bind def
/R{moveto 0 SC 3 -1 roll widthshow}bind def
/S{moveto 0 exch ashow}bind def
/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/SF{
findfont exch
[exch dup 0 exch 0 exch neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/MF{
findfont
[5 2 roll
0 3 1 roll
neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/level0 0 def
/RES 0 def
/PL 0 def
/LS 0 def
/MANUAL{
statusdict begin/manualfeed true store end
}bind def
/PLG{
gsave newpath clippath pathbbox grestore
exch pop add exch pop
}bind def
/BP{
/level0 save def
1 setlinecap
1 setlinejoin
72 RES div dup scale
LS{
90 rotate
}{
0 PL translate
}ifelse
1 -1 scale
}bind def
/EP{
level0 restore
showpage
}def
/DA{
newpath arcn stroke
}bind def
/SN{
transform
.25 sub exch .25 sub exch
round .25 add exch round .25 add exch
itransform
}bind def
/DL{
SN
moveto
SN
lineto stroke
}bind def
/DC{
newpath 0 360 arc closepath
}bind def
/TM matrix def
/DE{
TM currentmatrix pop
translate scale newpath 0 0 .5 0 360 arc closepath
TM setmatrix
}bind def
/RC/rcurveto load def
/RL/rlineto load def
/ST/stroke load def
/MT/moveto load def
/CL/closepath load def
/Fr{
setrgbcolor fill
}bind def
/setcmykcolor where{
pop
/Fk{
setcmykcolor fill
}bind def
}if
/Fg{
setgray fill
}bind def
/FL/fill load def
/LW/setlinewidth load def
/Cr/setrgbcolor load def
/setcmykcolor where{
pop
/Ck/setcmykcolor load def
}if
/Cg/setgray load def
/RE{
findfont
dup maxlength 1 index/FontName known not{1 add}if dict begin
{
1 index/FID ne{def}{pop pop}ifelse
}forall
/Encoding exch def
dup/FontName exch def
currentdict end definefont pop
}bind def
/DEFS 0 def
/EBEGIN{
moveto
DEFS begin
}bind def
/EEND/end load def
/CNT 0 def
/level1 0 def
/PBEGIN{
/level1 save def
translate
div 3 1 roll div exch scale
neg exch neg exch translate
0 setgray
0 setlinecap
1 setlinewidth
0 setlinejoin
10 setmiterlimit
[]0 setdash
/setstrokeadjust where{
pop
false setstrokeadjust
}if
/setoverprint where{
pop
false setoverprint
}if
newpath
/CNT countdictstack def
userdict begin
/showpage{}def
/setpagedevice{}def
}bind def
/PEND{
countdictstack CNT sub{end}repeat
level1 restore
}bind def
end def
/setpacking where{
pop
setpacking
}if
%%EndResource
%%EndProlog
%%BeginSetup
%%BeginFeature: *PageSize Default
<< /PageSize [ 612 792 ] /ImagingBBox null >> setpagedevice
%%EndFeature
%%IncludeResource: font Times-Roman
%%IncludeResource: font Courier
grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
def/PL 792 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron/Zcaron
/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent
/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen
/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon
/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O
/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex
/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y
/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft
/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl
/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen
/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft
/logicalnot/minus/registered/macron/degree/plusminus/twosuperior
/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior
/ordmasculine/guilsinglright/onequarter/onehalf/threequarters
/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE
/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn
/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla
/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
/Courier@0 ENC0/Courier RE/Times-Roman@0 ENC0/Times-Roman RE
userdict/PStoPSxform PStoPSmatrix matrix currentmatrix
 matrix invertmatrix matrix concatmatrix
 matrix invertmatrix put
%%EndSetup
%%Page: (0) 1
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(TLS W)72 84 Q(orking Group)-.8 E 2.58 -1.29
(Y. N)360.66 H(ir)1.29 E 360.8(Internet-Draft Check)72 96 R(Point)2.5 E
(Intended status: Standards T)72 108 Q 294.93(rack Y)-.35 F 2.5(.S)-1.29
G(hef)-2.5 E(fer)-.25 E(Expires: January 12, 2011)72 120 Q(Independent)
314.14 E(H. Tschofenig)482.79 132 Q(NSN)520 144 Q 2.22 -1.11(P. G)493.33
156 T(utmann)1.11 E(Uni)445.97 168 Q -.15(ve)-.25 G(rsity of Auckland)
.15 E(July 11, 2010)485.83 180 Q(TLS using EAP Authentication)243.36 216
Q(draft-nir)267.78 228 Q(-tls-eap-08)-.2 E(Abstract)72 252 Q
(This document describes an e)102 276 Q
(xtension to the TLS protocol to allo)-.15 E 2.5(wT)-.25 G
(LS clients to authenticate with le)-2.5 E -.05(ga)-.15 G -.15(cy).05 G
(credentials using the Extensible Authentication Protocol \(EAP\).)102
288 Q(This w)102 312 Q(ork follo)-.1 E(ws the e)-.25 E
(xample of IKEv2, where EAP has been added to the protocol to allo)-.15
E 2.5(wc)-.25 G(lients to use)-2.5 E(dif)102 324 Q
(ferent credentials such as passw)-.25 E(ords, tok)-.1 E
(en cards, and shared secrets.)-.1 E(Status of this Memo)72 348 Q
(This Internet-Draft is submitted in full conformance with the pro)102
372 Q(visions of BCP)-.15 E(78 and BCP)5 E(79.)5 E
(Internet-Drafts are w)102 396 Q
(orking documents of the Internet Engineering T)-.1 E(ask F)-.8 E
(orce \(IETF\).)-.15 E(Note that other)5 E(groups may also distrib)102
408 Q(ute w)-.2 E(orking documents as Internet-Drafts.)-.1 E
(The list of current Internet- Drafts is at)5 E(http://datatrack)102 420
Q(er)-.1 E(.ietf.or)-.55 E(g/drafts/current/.)-.18 E
(Internet-Drafts are draft documents v)102 444 Q
(alid for a maximum of six months and may be updated, replaced, or)-.25
E(obsoleted by other documents at an)102 456 Q 2.5(yt)-.15 G 2.5
(ime. It)-2.5 F
(is inappropriate to use Internet-Drafts as reference material or)2.5 E
(to cite them other than as "w)102 468 Q(ork in progress.")-.1 E
(This Internet-Draft will e)102 492 Q(xpire on January 12, 2011.)-.15 E
(Cop)72 516 Q(yright Notice)-.1 E(Cop)102 540 Q
(yright \(c\) 2010 IETF T)-.1 E
(rust and the persons identi\214ed as the document authors.)-.35 E
(All rights reserv)5 E(ed.)-.15 E
(This document is subject to BCP 78 and the IETF T)102 564 Q
(rust\264s Le)-.35 E -.05(ga)-.15 G 2.5(lP).05 G(ro)-2.5 E
(visions Relating to IETF Documents)-.15 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5
(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)149.725 E
(age 1])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (1) 2
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E(\(http://trustee.ietf.or)102 84 Q
(g/license-info\) in ef)-.18 E
(fect on the date of publication of this document.)-.25 E(Please re)5 E
(vie)-.25 E 2.5(wt)-.25 G(hese)-2.5 E(documents carefully)102 96 Q 2.5
(,a)-.65 G 2.5(st)-2.5 G(he)-2.5 E 2.5(yd)-.15 G
(escribe your rights and restrictions with respect to this document.)
-2.5 E(Code)5 E(Components e)102 108 Q
(xtracted from this document must include Simpli\214ed BSD License te)
-.15 E(xt as described in Section)-.15 E(4.e of the T)102 120 Q(rust Le)
-.35 E -.05(ga)-.15 G 2.5(lP).05 G(ro)-2.5 E(visions and are pro)-.15 E
(vided without w)-.15 E(arranty as described in the Simpli\214ed BSD)-.1
E(License.)102 132 Q -.8(Ta)72 168 S(ble of Contents).8 E 2.5
(1. Introduction)79.5 192 R(3)393.56 E 2.5(1.1. EAP)84.5 204 R 353.83
(Applicability 4)2.5 F 2.5(1.2. Comparison)84.5 216 R
(with Design Alternati)2.5 E -.15(ve)-.25 G 279.52(s4).15 G 2.5
(1.3. Con)84.5 228 R -.15(ve)-.4 G(ntions Used in This Document).15 E(4)
282.72 E 2.5(2. Operating)79.5 240 R(En)2.5 E 346.19(vironment 5)-.4 F
2.5(3. Protocol)79.5 252 R(Ov)2.5 E(ervie)-.15 E 367.58(w6)-.25 G 2.5
(3.1. The)84.5 264 R(tee_supported Extension)2.5 E(7)313.85 E 2.5
(3.2. The)84.5 276 R(InterimAuth Handshak)2.5 E 2.5(eM)-.1 G 276.19
(essage 7)-2.5 F 2.5(3.3. The)84.5 288 R(EapMsg Handshak)2.5 E 2.5(eM)
-.1 G 292.3(essage 8)-2.5 F 2.5(3.4. Calculating)84.5 300 R
(the Finished message)2.5 E(8)296.34 E 2.5(4. Security)79.5 312 R 339.67
(Considerations 10)2.5 F 2.5(4.1. InterimAuth)84.5 324 R(vs. Finished)
2.5 E(10)325.22 E 2.5(4.2. Identity)84.5 336 R 348.28(Protection 10)2.5
F 2.5(4.3. Mutual)84.5 348 R 332.17(Authentication 11)2.5 F 2.5
(5. Performance)79.5 360 R 321.91(Considerations 12)2.5 F 2.5
(6. Operational)79.5 372 R 325.79(Considerations 13)2.5 F 2.5(7. IAN)
79.5 384 R 2.5(AC)-.35 G 348.36(onsiderations 14)-2.5 F 2.5(8. Ackno)
79.5 396 R 360.76(wledgments 15)-.25 F 2.5(9. Changes)79.5 408 R
(from Pre)2.5 E(vious V)-.25 E 304.93(ersions 16)-1.11 F 2.5
(9.1. Changes)84.5 420 R(in v)2.5 E(ersion -02)-.15 E(16)333.16 E 2.5
(9.2. Changes)84.5 432 R(in v)2.5 E(ersion -01)-.15 E(16)333.16 E 2.5
(9.3. Changes)84.5 444 R(from the protocol model draft)2.5 E(16)269.69 E
(10. Open Issues)79.5 456 Q(17)386.9 E(11. References)79.5 468 Q(18)
391.08 E(11.1. Normati)84.5 480 Q .3 -.15(ve R)-.25 H 331.21
(eferences 18).15 F(11.2. Informati)84.5 492 Q .3 -.15(ve R)-.25 H
326.77(eferences 18).15 F(Authors\264 Addresses)79.5 504 Q(20)371.35 E
(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)149.725 E(age 2])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (2) 3
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(1. Introduction)72 84 R
(This document describes a ne)102 108 Q 2.5(we)-.25 G
(xtension to [TLS].)-2.65 E(This e)5 E(xtension allo)-.15 E
(ws a TLS client to authenticate using)-.25 E
([EAP] instead of performing the authentication at the application le)
102 120 Q -.15(ve)-.25 G 2.5(l. The).15 F -.15(ex)2.5 G(tension follo)
.15 E(ws [TLS-EXT].)-.25 E -.15(Fo)102 132 S 2.5(rt).15 G
(he remainder of this document we will refer to this e)-2.5 E
(xtension as TEE \(TLS with EAP Extension\).)-.15 E(TEE e)102 156 Q
(xtends the TLS handshak)-.15 E 2.5(eb)-.1 G -.15(ey)-2.5 G(ond the re)
.15 E(gular setup, to allo)-.15 E 2.5(wt)-.25 G
(he EAP protocol to run between the TLS)-2.5 E(serv)102 168 Q(er \(call\
ed an "authenticator" in EAP\) and the TLS client \(called a "supplican\
t"\).)-.15 E(This allo)5 E(ws the TLS)-.25 E
(architecture to handle client authentication before e)102 180 Q
(xposing the serv)-.15 E(er application softw)-.15 E(are to an)-.1 E
(unauthenticated client.)102 192 Q(In doing this, we follo)5 E 2.5(wt)
-.25 G(he approach tak)-2.5 E(en for IKEv2 in [RFC4306].)-.1 E(Ho)5 E
(we)-.25 E -.15(ve)-.25 G -.4(r,).15 G(similar to re)102 204 Q(gular TL\
S, we protect the user identity by only sending the client identity aft\
er the serv)-.15 E(er has)-.15 E 2.5(authenticated. In)102 216 R
(this our solution dif)2.5 E(fers from that of IKEv2.)-.25 E(Currently \
used applications that rely on non-certi\214cate user credentials use T\
LS to authenticate the serv)102 240 Q(er)-.15 E(only)102 252 Q 5(.A)-.65
G(fter that, the application tak)-5 E(es o)-.1 E -.15(ve)-.15 G .8 -.4
(r, a).15 H(nd presents a login screen where the user is e).4 E
(xpected to present)-.15 E(their credentials.)102 264 Q(This creates se)
102 288 Q -.15(ve)-.25 G(ral problems.).15 E(It allo)5 E(ws a client to\
 access the application before authentication, thus creating)-.25 E 2.5
(ap)102 300 S(otential for anon)-2.5 E
(ymous attacks on non-hardened applications.)-.15 E(Additionally)5 E 2.5
(,w)-.65 G(eb pages are not)-2.5 E
(particularly well suited for long shared secrets and for interf)102 312
Q(acing with certain de)-.1 E(vices such as USB tok)-.25 E(ens.)-.1 E
(TEE allo)102 336 Q(ws full mutual authentication to occur for all thes\
e applications within the TLS e)-.25 E 2.5(xchange. The)-.15 F
(application recei)102 348 Q -.15(ve)-.25 G 2.5(sc).15 G
(ontrol only when the user is identi\214ed and authenticated.)-2.5 E
(The authentication can be)5 E -.2(bu)102 360 S(ilt into the serv).2 E
(er infrastructure by connecting to an AAA serv)-.15 E(er)-.15 E 5(.T)
-.55 G(he client side can be inte)-5 E(grated into)-.15 E(client softw)
102 372 Q(are such as web bro)-.1 E(wsers and mail clients.)-.25 E
(An EAP infrastructure is already b)5 E(uilt into some)-.2 E
(operating systems pro)102 384 Q(viding a user interf)-.15 E
(ace for each authentication method within EAP)-.1 E(.)-1.11 E 1.6 -.8
(We i)102 408 T(ntend TEE to be used for v).8 E(arious protocols that u\
se TLS such as HTTPS, in cases where certi\214cate)-.25 E
(based client authentication is not practical.)102 420 Q
(This includes web-based mail services, online banking, premium)5 E
(content websites and mail clients.)102 432 Q(Another class of applicat\
ions that may see bene\214t from TEE are TLS based VPN clients used as \
part of)102 456 Q(so-called "SSL VPN" products.)102 468 Q
(No such client protocols ha)5 E .3 -.15(ve s)-.2 H 2.5(of).15 G
(ar been standardized.)-2.6 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G
143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)149.725 E(age 3])
-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (3) 4
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(1.1. EAP)72 84 R(Applicability)2.5 E
(Section 1.3 of [EAP] states that EAP is only applicable for netw)102
108 Q(ork access authentication, rather than for)-.1 E("b)102 120 Q
(ulk data transfer".)-.2 E(It then goes on to e)5 E(xplain wh)-.15 E 2.5
(yt)-.05 G(he transport properties of EAP indeed mak)-2.5 E 2.5(ei)-.1 G
(t)-2.5 E(unsuitable for b)102 132 Q(ulk data transfer)-.2 E 2.5(,e)-.4
G(.g. for lar)-2.5 E(ge \214le transport.)-.18 E
(Our proposed use of EAP f)5 E(alls squarely within)-.1 E
(the applicability as de\214ned, since we mak)102 144 Q 2.5(en)-.1 G 2.5
(of)-2.5 G(urther use of EAP be)-2.5 E(yond access authentication.)-.15
E 2.5(1.2. Comparison)72 168 R(with Design Alternati)2.5 E -.15(ve)-.25
G(s).15 E(It has been suggested to implement EAP authentication as part\
 of the protected application, rather than as)102 192 Q
(part of the TLS handshak)102 204 Q 2.5(e. A)-.1 F
(BCP document could be used to describe a secure w)2.5 E
(ay of doing this.)-.1 E(The)5 E(dra)102 216 Q
(wbacks we see in such an approach are listed belo)-.15 E(w:)-.25 E 25
(oE)102 228 S(AP does not ha)-25 E .3 -.15(ve a p)-.2 H
(re-de\214ned transport method.).15 E(Application designers w)5 E
(ould need to specify an)-.1 E(EAP transport for each application.)132
240 Q(Making this a part of TLS has the bene\214t of a single speci\214\
cation)5 E(for all protected applications.)132 252 Q 25(oT)102 264 S
(he inte)-25 E(gration of EAP and TLS is security-sensiti)-.15 E .3 -.15
(ve a)-.25 H(nd should be standardized and interoperable.).15 E 1.6 -.8
(We d)132 276 T 2.5(on).8 G(ot belie)-2.5 E .3 -.15(ve t)-.25 H(hat it \
should be left to application designers to do this in a secure manner)
.15 E(.)-.55 E(Speci\214cally on the serv)132 288 Q(er)-.15 E
(-side, inte)-.2 E(gration with AAA serv)-.15 E(ers adds comple)-.15 E
(xity and is more naturally)-.15 E
(part of the underlying infrastrcture.)132 300 Q 25(oO)102 312 S
(ur current proposal pro)-25 E
(vides channel binding between TLS and EAP)-.15 E 2.5(,t)-1.11 G 2.5(oc)
-2.5 G(ounter the MITM attacks)-2.5 E(described in [MITM].)132 324 Q
(TLS does not pro)5 E(vide an)-.15 E 2.5(ys)-.15 G(tandard w)-2.5 E
(ay of e)-.1 E(xtracting cryptographic material)-.15 E(from the TLS sta\
te, and in most implementations, the TLS state is not e)132 336 Q
(xposed to the protected)-.15 E 2.5(application. Because)132 348 R
(of this, it is dif)2.5 E
(\214cult for application designers to bind the user authentication to)
-.25 E(the protected channel pro)132 360 Q(vided by TLS.)-.15 E 2.5
(1.3. Con)72 384 R -.15(ve)-.4 G(ntions Used in This Document).15 E
(The k)102 408 Q .3 -.15(ey w)-.1 H(ords "MUST", "MUST NO).05 E
(T", "REQ)-.4 E(UIRED", "SHALL", "SHALL NO)-.1 E(T", "SHOULD",)-.4 E
("SHOULD NO)102 420 Q(T", "RECOMMENDED", "MA)-.4 E(Y", and "OPTION)-1.05
E(AL" in this document are to be interpreted)-.35 E
(as described in [RFC2119].)102 432 Q(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)
-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)149.725 E
(age 4])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (4) 5
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(2. Operating)72 84 R(En)2.5 E(vironment)-.4 E
(TEE will w)102 108 Q(ork between a client application and a serv)-.1 E
(er application, performing either client authentication)-.15 E
(or mutual authentication within the TLS e)102 120 Q(xchange.)-.15 E/F1
10/Courier@0 SF 144(Client Server)132 156 R 24
(+-------------------------+ +------------------------+)108 168 R 12(||)
108 180 S(GUI| | Client | |TLS+-+-----+-+TLS|)-12 E 30(|Server |)18 F(|)
6 E 12(|+)108 192 S(-^-+ |Software| +-^-+ |)-12 E 12
(+-+-^-+ |Application)30 F 6(||)6 G 24(||)108 204 S 12(+--------+ | |)-6
F -12 18(|| |)30 H 18(Software |)-18 F(|)6 E 42 24(|| |)108 216 T 30(||)
-6 G 30(|+)-12 G(------------+ |)-30 E 12(|+)108 228 S
(-v----------------v-+ |)-12 E 78 18(|| |)30 H -12 12(|| E)108 240 T 78
(AP |)-12 F 30(|+)6 G(---|--------------------+)-30 E 12(||I)108 252 S
18(nfrastructure |)-12 F 54(||)6 G 12(|+)108 264 S
(--------------------+ |)-12 E 24(|+)54 G(--------+)-24 E 48
(+-------------------------+ |)108 276 R 6(|A)24 G 18(AA |)-6 F 24(||)
324 288 S(Server |)-18 E 42(+----- |)324 300 R(+--------+)354 312 Q F0
(The abo)102 336 Q .3 -.15(ve d)-.15 H(iagram sho).15 E
(ws the typical deplo)-.25 E 2.5(yment. The)-.1 F(client has softw)2.5 E
(are that either includes a UI for some)-.1 E
(EAP methods, or else is able to in)102 348 Q -.2(vo)-.4 G .2 -.1(ke s)
.2 H(ome operating system EAP infrastructure that tak).1 E
(es care of the user)-.1 E 2.5(interaction. The)102 360 R(serv)2.5 E
(er is con\214gured with the address and protocol of the AAA serv)-.15 E
(er)-.15 E 5(.T)-.55 G(ypically the AAA)-5.8 E(serv)102 372 Q(er commun\
icates using the RADIUS protocol with EAP \([RADIUS] and [RAD-EAP]\), o\
r the Diameter)-.15 E(protocol \([Diameter] and [Dia-EAP]\).)102 384 Q
(As stated in the introduction, we e)102 408 Q
(xpect TEE to be used in both bro)-.15 E(wsers and applications.)-.25 E
(Further uses may)5 E(be authentication and k)102 420 Q .3 -.15(ey g)-.1
H(eneration for other protocols, and tunneling clients, which so f).15 E
(ar ha)-.1 E .3 -.15(ve n)-.2 H(ot been).15 E(standardized.)102 432 Q
(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)149.725 E(age 5])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (5) 6
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(3. Protocol)72 84 R(Ov)2.5 E(ervie)-.15 E(w)
-.25 E(When TLS is used with EAP)102 108 Q 2.5(,a)-1.11 G(dditional rec\
ords are sent after the ChangeCipherSpec protocol message and)-2.5 E
(before the Finished message, ef)102 120 Q(fecti)-.25 E -.15(ve)-.25 G
(ly creating an e).15 E(xtended handshak)-.15 E 2.5(eb)-.1 G
(efore the application layer data)-2.5 E(can be sent.)102 132 Q
(Each EapMsg handshak)5 E 2.5(er)-.1 G(ecord contains e)-2.5 E
(xactly one EAP message.)-.15 E(Using EAP for client)5 E
(authentication allo)102 144 Q(ws TLS to be used with v)-.25 E
(arious AAA back-end serv)-.25 E(ers such as RADIUS or Diameter)-.15 E
(.)-.55 E(TLS with EAP may be used for securing a data connection such \
as HTTP or POP3.)102 168 Q 1.6 -.8(We b)5 H(elie).8 E .3 -.15(ve i)-.25
H 2.5(th).15 G(as three)-2.5 E(main bene\214ts:)102 180 Q 25(oT)102 192
S(he ability of EAP to w)-25 E(ork with back)-.1 E(end serv)-.1 E
(ers can remo)-.15 E .3 -.15(ve t)-.15 H(hat b).15 E
(urden from the application layer)-.2 E(.)-.55 E 25(oM)102 204 S -.15
(ov)-25 G(ing the user authentication into the TLS handshak).15 E 2.5
(ep)-.1 G(rotects the presumably less secure)-2.5 E
(application layer from attacks by unauthenticated parties.)132 216 Q 25
(oU)102 228 S
(sing mutual authentication methods within EAP can help thw)-25 E
(art certain classes of phishing attacks.)-.1 E(The TEE e)102 252 Q
(xtension de\214nes the follo)-.15 E(wing:)-.25 E 25(oA)102 264 S(ne)
-22.5 E 2.5(we)-.25 G(xtension type called tee_supported, used to indic\
ate that the communicating application)-2.65 E(\(either client or serv)
132 276 Q(er\) supports this e)-.15 E(xtension.)-.15 E 25(oA)102 288 S
(ne)-22.5 E 2.5(wm)-.25 G(essage type for the handshak)-2.5 E 2.5(ep)-.1
G(rotocol, called InterimAuth, which is used to sign pre)-2.5 E(vious)
-.25 E(messages.)132 300 Q 25(oA)102 312 S(ne)-22.5 E 2.5(wm)-.25 G
(essage type for the handshak)-2.5 E 2.5(ep)-.1 G
(rotocol, called EapMsg, which is used to carry a single EAP)-2.5 E
(message.)132 324 Q(The diagram belo)102 348 Q 2.5(wo)-.25 G
(utlines the protocol structure.)-2.5 E -.15(Fo)5 G 2.5(ri).15 G
(llustration purposes only)-2.5 E 2.5(,w)-.65 G 2.5(eu)-2.5 G
(se the GPSK EAP)-2.5 E(method [EAP-GPSK].)102 360 Q(Nir)72 696 Q 2.5
(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E
([P)149.725 E(age 6])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (6) 7
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E/F1 10/Courier@0 SF 276(Client Server)138 84 R 276
(------ ------)138 96 R 72(ClientHello\(*\) -------->)138 120 R
(ServerHello\(*\))408 132 Q(\(Certificate\))414 144 Q(ServerKeyExchange)
390 156 Q(EapMsg\(Identity-Request\))348 168 Q 36
(<-------- ServerHelloDone)306 180 R(ClientKeyExchange)138 192 Q
(\(CertificateVerify\))138 204 Q(ChangeCipherSpec)138 216 Q(InterimAuth)
138 228 Q 24(EapMsg\(Identity-Reply\) -------->)138 240 R
(ChangeCipherSpec)396 252 Q(InterimAuth)426 264 Q
(EapMsg\(GPSK-Request\))372 276 Q(<--------)300 288 Q 48
(EapMsg\(GPSK-Reply\) -------->)138 300 R(EapMsg\(GPSK-Request\))372 312
Q(<--------)300 324 Q 48(EapMsg\(GPSK-Reply\) -------->)138 336 R
(EapMsg\(Success\))402 348 Q 84(<-------- Finished)300 360 R 108
(Finished -------->)138 372 R
(\(*\) The ClientHello and ServerHello include the tee_supported)126 396
Q(extension to indicate support for TEE)150 408 Q F0
(The client indicates in the \214rst message its support for TEE.)102
444 Q(The serv)5 E(er sends an EAP identity request in the)-.15 E(reply)
102 456 Q 5(.T)-.65 G
(he client sends the identity reply after the handshak)-5 E 2.5(ec)-.1 G
2.5(ompletion. The)-2.5 F(EAP request- response)2.5 E(sequence continue\
s until the client is either authenticated or rejected.)102 468 Q 2.5
(3.1. The)72 492 R(tee_supported Extension)2.5 E(The tee_supported e)102
516 Q(xtension is a ClientHello and Serv)-.15 E(erHello e)-.15 E
(xtension as de\214ned in section 2.3 of)-.15 E 2.5([TLS-EXT]. The)102
528 R -.15(ex)2.5 G(tension_type \214eld is TB).15 E 2.5(Ab)-.35 G 2.5
(yI)-2.5 G(AN)-2.5 E 2.5(A. The)-.35 F -.15(ex)2.5 G
(tension_data is zero-length.).15 E 2.5(3.2. The)72 552 R
(InterimAuth Handshak)2.5 E 2.5(eM)-.1 G(essage)-2.5 E(The InterimAuth \
message is identical in syntax to the Finished message described in sec\
tion 7.4.9 of [TLS].)102 576 Q(It is calculated in)102 588 Q(Nir)72 696
Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)
2.5 E([P)149.725 E(age 7])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (7) 8
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E -.15(ex)102 84 S(actly the same w).15 E(ay)-.1 E(.)
-.65 E(The semantics, ho)102 108 Q(we)-.25 E -.15(ve)-.25 G .8 -.4(r, a)
.15 H(re some).4 E(what dif)-.25 E 2.5(ferent. The)-.25 F
("Finished" message indicates that application data)2.5 E(may no)102 120
Q 2.5(wb)-.25 G 2.5(es)-2.5 G 2.5(ent. The)-2.5 F
("InterimAuth" message does not indicate this.)2.5 E
(Instead, further handshak)5 E 2.5(em)-.1 G(essages)-2.5 E(are needed.)
102 132 Q(The Handshak)102 156 Q(eT)-.1 E(ype v)-.8 E
(alue for the InterimAuth handshak)-.25 E 2.5(em)-.1 G(essage is TB)-2.5
E 2.5(Ab)-.35 G 2.5(yI)-2.5 G(AN)-2.5 E(A.)-.35 E 2.5(3.3. The)72 180 R
(EapMsg Handshak)2.5 E 2.5(eM)-.1 G(essage)-2.5 E(The EapMsg handshak)
102 204 Q 2.5(em)-.1 G(essage carries e)-2.5 E
(xactly one EAP message as de\214ned in [EAP].)-.15 E(The Handshak)102
228 Q(eT)-.1 E(ype v)-.8 E(alue for the EapMsg handshak)-.25 E 2.5(em)
-.1 G(essage is TB)-2.5 E 2.5(Ab)-.35 G 2.5(yI)-2.5 G(AN)-2.5 E(A.)-.35
E(The EapMsg message is used to tunnel EAP messages between the authent\
ication serv)102 252 Q(er)-.15 E 2.5(,w)-.4 G(hich may be)-2.5 E
(co-located with the TLS serv)102 264 Q(er)-.15 E 2.5(,o)-.4 G 2.5(re)
-2.5 G(lse may be a separate AAA serv)-2.5 E(er)-.15 E 2.5(,a)-.4 G
(nd the supplicant, which is)-2.5 E(co-located with the TLS client.)102
276 Q(TLS on either side recei)5 E -.15(ve)-.25 G 2.5(st).15 G
(he EAP data from the EAP infrastructure, and)-2.5 E
(treats it as opaque.)102 288 Q(TLS does not mak)5 E 2.5(ea)-.1 G .3
-.15(ny c)-2.5 H(hanges to the EAP payload or mak).15 E 2.5(ea)-.1 G .3
-.15(ny d)-2.5 H(ecisions based on the).15 E
(contents of an EapMsg handshak)102 300 Q 2.5(em)-.1 G(essage.)-2.5 E
(Note that it is e)102 324 Q(xpected that the authentication serv)-.15 E
(er noti\214es the TLS serv)-.15 E(er about authentication success or)
-.15 E -.1(fa)102 336 S(ilure, and so TLS need not inspect the eap_payl\
oad within the EapMsg to detect success or f).1 E(ailure.)-.1 E/F1 10
/Courier@0 SF(struct {)138 360 Q(opaque eap_payload[4..65535];)162 372 Q
6(}E)138 384 S(apMsg;)-6 E F0
(eap_payload is de\214ned in section 4 of RFC 3748.)102 408 Q
(It includes the Code, Identi\214er)5 E 2.5(,L)-.4 G
(ength and Data \214elds of)-2.5 E(the EAP pack)102 420 Q(et.)-.1 E 2.5
(3.4. Calculating)72 444 R(the Finished message)2.5 E
(If the EAP method is k)102 468 Q -.15(ey)-.1 G
(-generating \(see [I-D.ietf-eap-k).15 E -.15(ey)-.1 G
(ing]\), the Finished message is calculated as).15 E(follo)102 480 Q
(ws:)-.25 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)
-2.5 F(January 12, 2011)2.5 E([P)149.725 E(age 8])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (8) 9
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E/F1 10/Courier@0 SF(struct {)138 84 Q
(opaque verify_data[12];)162 96 Q 6(}F)138 108 S(inished;)-6 E
(verify_data)138 132 Q
(PRF\(MSK, finished_label, MD5\(handshake_messages\) +)162 144 Q
(SHA-1\(handshake_messages\)\) [0..11];)162 156 Q F0(The \214nished_lab\
el and the PRF are as de\214ned in section 7.4.9 of [TLS].)102 180 Q
(The handshak)102 204 Q(e_messages \214eld, unlik)-.1 E 2.5(er)-.1 G
-.15(eg)-2.5 G(ular TLS, does not sign all the data in the handshak).15
E 2.5(e. Instead)-.1 F(it)2.5 E
(signs all the data that has not been signed by the pre)102 216 Q
(vious InterimAuth message.)-.25 E(The handshak)5 E(e_messages)-.1 E
(\214eld includes all of the octets be)102 228 Q
(ginning with and including the InterimAuth message, up to b)-.15 E
(ut not including)-.2 E(this Finished message.)102 240 Q
(This is the concatenation of all the Handshak)5 E 2.5(es)-.1 G
(tructures e)-2.5 E(xchanged thus f)-.15 E(ar)-.1 E 2.5(,a)-.4 G(nd not)
-2.5 E
(yet signed, as de\214ned in section 7.4 of [TLS]and in this document.)
102 252 Q(The Master Session K)102 276 Q .3 -.15(ey \()-.25 H
(MSK\) is deri).15 E -.15(ve)-.25 G 2.5(db).15 G 2.5(yt)-2.5 G
(he AAA serv)-2.5 E(er and by the client if the EAP method is)-.15 E -.1
(ke)102 288 S 2.5(y-generating. On)-.05 F(the serv)2.5 E(er)-.15 E
(-side, it is typically recei)-.2 E -.15(ve)-.25 G 2.5(df).15 G
(rom the AAA serv)-2.5 E(er o)-.15 E -.15(ve)-.15 G 2.5(rt).15 G
(he RADIUS or)-2.5 E(Diameter protocol.)102 300 Q
(On the client-side, it is passed to TLS by some other method.)5 E
(If the EAP method is not k)102 324 Q -.15(ey)-.1 G(-generating, then t\
he master_secret is used to sign the messages instead of the).15 E 2.5
(MSK. F)102 336 R
(or a discussion on the use of such methods, see Section)-.15 E(4.1.)5 E
(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)149.725 E(age 9])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (9) 10
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(4. Security)72 84 R(Considerations)2.5 E 2.5
(4.1. InterimAuth)72 108 R(vs. Finished)2.5 E(In re)102 132 Q
(gular TLS, the Finished message pro)-.15 E(vides tw)-.15 E 2.5(of)-.1 G
(unctions: it signs all preceding messages, and it signals)-2.5 E
(that application data can no)102 144 Q 2.5(wb)-.25 G 2.5(es)-2.5 G 2.5
(ent. In)-2.5 F(TEE, it only signs those messages that ha)2.5 E .3 -.15
(ve n)-.2 H(ot yet been signed.).15 E
(Some EAP methods, such as EAP-TLS, EAP-IKEv2 and EAP-SIM generate k)102
168 Q -.15(ey)-.1 G 2.5(si).15 G 2.5(na)-2.5 G(ddition to)-2.5 E
(authenticating clients.)102 180 Q(Such methods are said to be resistan\
t to man-in-the-middle \(MITM\) attacks as)5 E(discussed in [MITM].)102
192 Q(Such methods are called k)5 E -.15(ey)-.1 G(-generating methods.)
.15 E 1.6 -.8(To r)102 216 T
(ealize the bene\214t of such methods, we need to v).8 E(erify the k)
-.15 E .3 -.15(ey t)-.1 H(hat w).15 E
(as generated within the EAP method.)-.1 E
(This is referred to as the MSK in EAP)102 228 Q 5(.I)-1.11 G 2.5(nT)-5
G(EE, the InterimAuth message signs all pre)-2.5 E(vious messages with)
-.25 E(the master_secret, just lik)102 240 Q 2.5(et)-.1 G
(he Finished message in re)-2.5 E(gular TLS.)-.15 E
(The Finished message signs the rest of the)5 E
(messages using the MSK if such e)102 252 Q 2.5(xists. If)-.15 F
(not, then the messages are signed with the master_secret as in)2.5 E
(re)102 264 Q(gular TLS.)-.15 E
(The need for signing twice arises from the f)102 288 Q
(act that we need to use both the master_secret and the MSK.)-.1 E(It)5
E -.1(wa)102 300 S 2.5(sp).1 G(ossible to use just one Finished record \
and blend the MSK into the master_secret.)-2.5 E(Ho)5 E(we)-.25 E -.15
(ve)-.25 G .8 -.4(r, t).15 H(his w).4 E(ould)-.1 E
(needlessly complicate the protocol and mak)102 312 Q 2.5(es)-.1 G
(ecurity analysis more dif)-2.5 E 2.5(\214cult. Instead,)-.25 F(we ha)
2.5 E .3 -.15(ve d)-.2 H(ecided to).15 E(follo)102 324 Q 2.5(wt)-.25 G
(he e)-2.5 E(xample of IKEv2, where tw)-.15 E 2.5(oA)-.1 G
(UTH payloads are e)-3.05 E(xchanged.)-.15 E
(It should be noted that using non-k)102 348 Q -.15(ey)-.1 G
(-generating methods may e).15 E
(xpose the client to a MITM attack if the)-.15 E(same method and creden\
tials are used in some other situation, in which the EAP is done outsid\
e of a)102 360 Q(protected tunnel with an authenticated serv)102 372 Q
(er)-.15 E 5(.U)-.55 G
(nless it can be determined that the EAP method is ne)-5 E -.15(ve)-.25
G 2.5(ru).15 G(sed)-2.5 E(in such a situation, non-k)102 384 Q -.15(ey)
-.1 G(-generating methods SHOULD NO).15 E 2.5(Tb)-.4 G 2.5(eu)-2.5 G 2.5
(sed. This)-2.5 F(issue is discussed e)2.5 E(xtensi)-.15 E -.15(ve)-.25
G(ly).15 E(in [Compound-Authentication].)102 396 Q 2.5(4.2. Identity)72
420 R(Protection)2.5 E(Unlik)102 444 Q 2.5(e[)-.1 G(TLS-PSK], TEE pro)
-2.5 E(vides identity protection for the client.)-.15 E
(The client\264s identity is hidden from a)5 E(passi)102 456 Q .3 -.15
(ve e)-.25 H -2.25 -.2(av e).15 H(sdropper using TLS encryption.).2 E
(Acti)5 E .3 -.15(ve a)-.25 H(ttacks are discussed in Section).15 E
(4.3.)5 E 1.6 -.8(We c)102 480 T(ould sa).8 E .3 -.15(ve o)-.2 H
(ne round-trip by ha).15 E
(ving the client send its identity within the Client Hello message.)-.2
E(This is)5 E(similar to TLS-PSK.)102 492 Q(Ho)5 E(we)-.25 E -.15(ve)
-.25 G .8 -.4(r, w).15 H 2.5(eb).4 G(elie)-2.5 E .3 -.15(ve t)-.25 H
(hat identity protection is a w).15 E(orth)-.1 E 2.5(ye)-.05 G
(nough goal, so as to justify)-2.5 E(the e)102 504 Q(xtra round-trip.)
-.15 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)144.725 E(age 10])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (10) 11
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(4.3. Mutual)72 84 R(Authentication)2.5 E
(In order to achie)102 108 Q .3 -.15(ve o)-.25 H
(ur security goals, we need to ha).15 E .3 -.15(ve b)-.2 H(oth the serv)
.15 E(er and the client authenticate.)-.15 E(Client)5 E
(authentication is ob)102 120 Q(viously done using the EAP method.)-.15
E(The serv)5 E(er authentication can be done in either of)-.15 E(tw)102
132 Q 2.5(ow)-.1 G(ays:)-2.6 E 2.5(1. The)102 144 R(client can v)2.5 E
(erify the serv)-.15 E(er certi\214cate.)-.15 E(This may w)5 E
(ork well depending on the scenario, b)-.1 E(ut implies)-.2 E(that the \
client or its user can recognize the right DN or alternate name, and di\
stinguish it from)142 156 Q(plausible alternati)142 168 Q -.15(ve)-.25 G
2.5(s. The).15 F(introduction to [I.D.W)2.5 E(ebauth-phishing] sho)-.8 E
(ws that at least in HTTPS,)-.25 E(this is not al)142 180 Q -.1(wa)-.1 G
(ys the case.).1 E 2.5(2. The)102 192 R(client can use a mutually authe\
nticated \(MA\) EAP method such as GPSK.)2.5 E(In this case, serv)5 E
(er)-.15 E(certi\214cate v)142 204 Q(eri\214cation does not matter)-.15
E 2.5(,a)-.4 G(nd the TLS handshak)-2.5 E 2.5(em)-.1 G
(ay as well be anon)-2.5 E 2.5(ymous. Note)-.15 F
(that in this case, the client identity is sent to the serv)142 216 Q
(er before serv)-.15 E(er authentication.)-.15 E 1.6 -.8(To s)102 240 T
(ummarize:).8 E 25(oC)102 252 S(lients MUST NO)-25 E 2.5(Tp)-.4 G
(ropose anon)-2.5 E(ymous ciphersuites, unless the)-.15 E 2.5(ys)-.15 G
(upport MA EAP methods.)-2.5 E 25(oC)102 264 S(lients MUST NO)-25 E 2.5
(Ta)-.4 G(ccept non-MA methods if the ciphersuite is anon)-2.5 E(ymous.)
-.15 E 25(oC)102 276 S(lients MUST NO)-25 E 2.5(Ta)-.4 G
(ccept non-MA methods if the)-2.5 E 2.5(ya)-.15 G(re not able to v)-2.5
E(erify the serv)-.15 E(er credentials.)-.15 E
(Note that this document does not de\214ne what v)132 288 Q
(eri\214cation in)-.15 E -.2(vo)-.4 G(lv).2 E 2.5(es. If)-.15 F
(the serv)2.5 E(er DN is kno)-.15 E(wn and)-.25 E
(stored on the client, v)132 300 Q
(erifying certi\214cate signature and checking re)-.15 E -.2(vo)-.25 G
(cation may be enough.).2 E -.15(Fo)5 G 2.5(rw).15 G(eb)-2.5 E(bro)132
312 Q
(wsers, the case is not as clear cut, and MA methods SHOULD be used.)
-.25 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)144.725 E(age 11])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (11) 12
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(5. Performance)72 84 R(Considerations)2.5 E(Re)
102 108 Q(gular TLS adds tw)-.15 E 2.5(or)-.1 G
(ound-trips to a TCP connection.)-2.5 E(Ho)5 E(we)-.25 E -.15(ve)-.25 G
.8 -.4(r, b).15 H(ecause of the stream nature of TCP).4 E 2.5(,t)-1.11 G
(he)-2.5 E(client does not really need to w)102 120 Q(ait for the serv)
-.1 E(er\264s Finished message, and can be)-.15 E
(gin sending application data)-.15 E(immediately after its o)102 132 Q
(wn Finished message.)-.25 E(In practice, man)5 E 2.5(yc)-.15 G
(lients do so, and TLS only adds one)-2.5 E(round-trip of delay)102 144
Q(.)-.65 E(TEE adds as man)102 168 Q 2.5(yr)-.15 G
(ound-trips as the EAP method requires.)-2.5 E -.15(Fo)5 G 2.5(re).15 G
(xample, EAP-MD5 requires 1 round-trip,)-2.65 E
(while EAP-GPSK requires 2 round-trips.)102 180 Q(Additionally)5 E 2.5
(,t)-.65 G(he client MUST w)-2.5 E(ait for the EAP-Success message)-.1 E
(before sending its o)102 192 Q(wn Finished message, so we need at leas\
t 3 round-trips for the entire handshak)-.25 E 2.5(e. The)-.1 F
(best a client can do is tw)102 204 Q 2.5(or)-.1 G(ound-trips plus ho)
-2.5 E(we)-.25 E -.15(ve)-.25 G 2.5(rm).15 G(an)-2.5 E 2.5(yr)-.15 G
(ound-trips the EAP method requires.)-2.5 E
(It should be noted, though, that these e)102 228 Q(xtra round-trips sa)
-.15 E .3 -.15(ve p)-.2 H(rocessing time at the application le).15 E
-.15(ve)-.25 G 2.5(l. T).15 F -.1(wo)-.8 G -.15(ex)102 240 S
(tra round-trips tak).15 E 2.5(eal)-.1 G(ot less time than presenting a\
 log-in web page and processing the user\264s input.)-2.5 E
(It should also be noted, that TEE re)102 264 Q -.15(ve)-.25 G
(rses the order of the Finished messages.).15 E(In re)5 E
(gular TLS the client)-.15 E(sends the Finished message \214rst.)102 276
Q(In TEE it is the serv)5 E(er that sends the Finished message \214rst.)
-.15 E(This should)5 E(not af)102 288 Q(fect performance, and it is cle\
ar that the client may send application data immediately after the Fini\
shed)-.25 E(message.)102 300 Q(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G
143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)144.725 E(age 12])
-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (12) 13
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(6. Operational)72 84 R(Considerations)2.5 E 2.5
(Section 4.3)102 108 R(de\214nes a dependenc)2.5 E 2.5(yb)-.15 G(etween\
 the TLS state and the EAP state in that it mandates that certain)-2.5 E
(EAP methods should not be used with certain TLS ciphersuites.)102 120 Q
1.6 -.8(To a)5 H -.2(vo).6 G(id such dependencies, there are tw).2 E(o)
-.1 E(approaches that implementations can tak)102 132 Q 2.5(e. The)-.1 F
2.5(yc)-.15 G(an either not use an)-2.5 E 2.5(ya)-.15 G(non)-2.5 E
(ymous ciphersuites, or else the)-.15 E(y)-.15 E
(can use only MA EAP methods.)102 144 Q(Where certi\214cate v)102 168 Q
(alidation is problematic, such as in bro)-.25 E(wser)-.25 E
(-based HTTPS, we recommend the latter)-.2 E(approach.)102 180 Q
(In cases where the use of EAP within TLS is not kno)102 204 Q
(wn before opening the connection, it is necessary to)-.25 E(consider t\
he implications of requiring the user to type in credentials after the \
connection has already started.)102 216 Q(TCP sessions may time out, be\
cause of security considerations, and this may lead to session setup f)
102 228 Q(ailure.)-.1 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305
(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)144.725 E(age 13])-.15 E 0
Cg EP
PStoPSsaved restore
%%Page: (13) 14
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(7. IAN)72 84 R 2.5(AC)-.35 G(onsiderations)-2.5
E(IAN)102 108 Q 2.5(Ai)-.35 G 2.5(sa)-2.5 G(sk)-2.5 E(ed to assign an e)
-.1 E(xtension type v)-.15 E(alue from the "ExtensionT)-.25 E(ype V)-.8
E(alues" re)-1.11 E(gistry for the)-.15 E(tee_supported e)102 120 Q
(xtension.)-.15 E(IAN)102 144 Q 2.5(Ai)-.35 G 2.5(sa)-2.5 G(sk)-2.5 E
(ed to assign tw)-.1 E 2.5(oh)-.1 G(andshak)-2.5 E 2.5(em)-.1 G
(essage types from the "TLS Handshak)-2.5 E(eT)-.1 E(ype Re)-.8 E
(gistry", one for)-.15 E("EapMsg" and one for "InterimAuth".)102 156 Q
(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)144.725 E(age 14])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (14) 15
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(8. Ackno)72 84 R(wledgments)-.25 E
(The authors w)102 108 Q(ould lik)-.1 E 2.5(et)-.1 G 2.5(ot)-2.5 G
(hank Josh Ho)-2.5 E(wlett for his comments.)-.25 E
(The TLS Inner Application Extension w)102 132 Q
(ork \([TLS/IA]\) has inspired the authors to create this simpli\214ed)
-.1 E -.1(wo)102 144 S 2.5(rk. TLS/IA).1 F(pro)2.5 E(vides a some)-.15 E
(what dif)-.25 E(ferent approach to inte)-.25 E
(grating non-certi\214cate credentials into the TLS)-.15 E
(protocol, in addition to se)102 156 Q -.15(ve)-.25 G
(ral other features a).15 E -.25(va)-.2 G
(ilable from the RADIUS namespace.).25 E(The authors w)102 180 Q
(ould also lik)-.1 E 2.5(et)-.1 G 2.5(ot)-2.5 G(hank the v)-2.5 E
(arious contrib)-.25 E(utors to [RFC4306] whose w)-.2 E
(ork inspired this one.)-.1 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G
143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)144.725 E(age 15])
-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (15) 16
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(9. Changes)72 84 R(from Pre)2.5 E(vious V)-.25
E(ersions)-1.11 E 2.5(9.1. Changes)72 108 R(in v)2.5 E(ersion -02)-.15 E
25(oA)102 132 S(dded discussion of alternati)-25 E .3 -.15(ve d)-.25 H
(esigns.).15 E 2.5(9.2. Changes)72 156 R(in v)2.5 E(ersion -01)-.15 E 25
(oC)102 180 S(hanged the construction of the Finished message)-25 E 25
(oR)102 192 S(eplaced MS-CHAPv2 with GPSK in e)-25 E(xamples.)-.15 E 25
(oA)102 204 S(dded open issues section.)-25 E 25(oA)102 216 S
(dded reference to [Compound-Authentication])-25 E 25(oF)102 228 S(ix)
-25 E(ed reference to MITM attack)-.15 E 2.5(9.3. Changes)72 252 R
(from the protocol model draft)2.5 E 25(oA)102 276 S
(dded diagram for EapMsg)-25 E 25(oA)102 288 S
(dded discussion of EAP applicability)-25 E 25(oA)102 300 S(dded discus\
sion of mutually-authenticated EAP methods vs other methods in the secu\
rity)-25 E(considerations.)132 312 Q 25(oA)102 324 S
(dded operational considerations.)-25 E 25(oO)102 336 S
(ther minor nits.)-25 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305
(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)144.725 E(age 16])-.15 E 0
Cg EP
PStoPSsaved restore
%%Page: (16) 17
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(10. Open)72 84 R(Issues)2.5 E(Some ha)102 108 Q
.3 -.15(ve s)-.2 H(uggested that since the protocol is identical to re)
.15 E(gular TLS up to the InterimAuth message, we)-.15 E(should call th\
at the Finished message, and call the last message in the e)102 120 Q
(xtended handshak)-.15 E 2.5(es)-.1 G(omething lik)-2.5 E(e)-.1 E 2.5
("EapFinished". This)102 132 R(has the adv)2.5 E(antage that the constr\
uction of Finished is already well de\214ned and will not)-.25 E 2.5
(change. Ho)102 144 R(we)-.25 E -.15(ve)-.25 G .8 -.4(r, t).15 H
(he Finished message has a speci\214c meaning as indicated by its name.)
.4 E(It means that the)5 E(handshak)102 156 Q 2.5(ei)-.1 G 2.5(so)-2.5 G
-.15(ve)-2.65 G 2.5(ra).15 G(nd that application data can no)-2.5 E 2.5
(wb)-.25 G 2.5(es)-2.5 G 2.5(ent. This)-2.5 F
(is not true of what is in this draft called)2.5 E 2.5(InterimAuth. W)
102 168 R(e\264d lik)-.8 E 2.5(et)-.1 G(he opinions of re)-2.5 E(vie)
-.25 E(wrs about this issue.)-.25 E(The MSK from the EAP e)102 192 Q
(xchange is only used to sign the Finished message.)-.15 E
(It is not used ag)5 E(ain in the data)-.05 E 2.5(encryption. In)102 204
R(this we follo)2.5 E(wed the e)-.25 E(xample of IKEv2.)-.15 E
(The reason is that TLS already has perfectly good)5 E -.1(wa)102 216 S
(ys of e).1 E(xchanging k)-.15 E -.15(ey)-.1 G
(s, and we do not need this capability from EAP methods.).15 E
(Also, using the MSK in)5 E -.1(ke)102 228 S(ys w)-.05 E
(ould require an additional ChangeCipherSpec and w)-.1 E
(ould complicate the protocol.)-.1 E -.8(We)5 G(\264d lik).8 E 2.5(et)
-.1 G(he)-2.5 E(opinions of re)102 240 Q(vie)-.25 E
(wrs about this issue.)-.25 E(Another response we got w)102 264 Q
(as that we should ha)-.1 E .3 -.15(ve a M)-.2 H
(UST requirement that only mutually authenticated and).15 E -.1(ke)102
276 S(y-generating methods be used in TEE.)-.05 E(This w)5 E
(ould simplify the security considerations section.)-.1 E(While we)5 E(\
agree that this is a good idea, most EAP methods in common use are not \
compliant.)102 288 Q(Additionally)5 E 2.5(,s)-.65 G(uch)-2.5 E
(requirements assume that EAP pack)102 300 Q(ets are visible to a passi)
-.1 E .3 -.15(ve a)-.25 H(ttack).15 E(er)-.1 E 5(.A)-.55 G 2.5(sE)-5 G
(AP is used in protected tunnels)-2.5 E(such as in L2TP)102 312 Q 2.5
(,i)-1.11 G 2.5(nI)-2.5 G
(KEv2 and here, this assumption may not be required.)-2.5 E
(If we consider the serv)5 E(er)-.15 E(authenticated by its certi\214ca\
te, it may be acceptable to use a non-MA method.)102 324 Q(It has been \
suggested that identity protection is not important enough to add a rou\
ndtrip, and so we should)102 348 Q(ha)102 360 Q .3 -.15(ve t)-.2 H
(he client send the username in the ClientHello.).15 E 1.6 -.8(We a)5 H
(re not sure about ho).8 E 2.5(wo)-.25 G(thers feel about this, and)-2.5
E -.1(wo)102 372 S(uld lik).1 E 2.5(et)-.1 G 2.5(os)-2.5 G
(olicit the re)-2.5 E(vie)-.25 E(wers opinion.)-.25 E
(Note that if this is done, the client sends the user name before)5 E
-2.15 -.25(ev e)102 384 T 2.5(rr).25 G(ecei)-2.5 E(ving an)-.25 E 2.5
(yi)-.15 G(ndication that the serv)-2.5 E(er actually supports TEE.)-.15
E(This might be acceptable in an email)5 E(client, where the serv)102
396 Q(er is precon\214gured, b)-.15 E
(ut it may be unacceptable in other uses, such as web bro)-.2 E(wsers.)
-.25 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)144.725 E(age 17])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (17) 18
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 2.5(11. References)72 84 R 2.5(11.1. Normati)72 108
R .3 -.15(ve R)-.25 H(eferences).15 E 12.5([EAP] Aboba,)102 132 R
(B., Blunk, L., V)2.5 E(ollbrecht, J., Carlson, J., and H.)-1.29 E(Le)5
E(vk)-.25 E -.25(ow)-.1 G(etz, "Extensible Authentication).25 E
(Protocol \(EAP\)", RFC)212 144 Q(3748, June)5 E(2004.)5 E 2.5
([RFC2119] Bradner)102 168 R 2.5(,S)-.4 G(., "K)-2.5 E .3 -.15(ey w)-.25
H(ords for use in RFCs to Indicate Requirement Le).05 E -.15(ve)-.25 G
(ls", BCP).15 E(14, RFC)5 E(2119,)5 E 2.5(March 1997.)212 180 R 12.5
([TLS] Dierks,)102 204 R 1.48 -.74(T. a)2.5 H(nd E. Rescorla, "The T).74
E(ransport Layer Security \(TLS\) Protocol V)-.35 E(ersion 1.1",)-1.11 E
2.5(RFC 4346,)212 216 R 2.5(April 2006.)2.5 F 2.5([TLS-EXT] Blak)102 240
R(e-W)-.1 E(ilson, S., Nystrom, M., Hopw)-.4 E(ood, D., Mikk)-.1 E
(elsen, J., and T)-.1 E 2.5(.W)-.74 G(right, "T)-2.5 E(ransport Layer)
-.35 E(Security \(TLS\) Extensions", RFC)212 252 Q(4366, April)5 E
(2006.)5 E 2.5(11.2. Informati)72 276 R .3 -.15(ve R)-.25 H(eferences)
.15 E([Compound-Authentication])102 300 Q(Puthenkulam, J., Lortz, V)212
312 Q(., P)-1.29 E(alekar)-.15 E 2.5(,A)-.4 G
(., and D. Simon, "The Compound)-2.5 E
(Authentication Binding Problem", draft-puthenkulam-eap-binding-04 \(w)
212 324 Q(ork in)-.1 E(progress\), October)212 336 Q(2003.)5 E 2.5
([Dia-EAP] Eronen,)102 360 R -1.11(P.)2.5 G 2.5(,H)1.11 G(iller)-2.5 E
2.5(,T)-.4 G
(., and G. Zorn, "Diameter Extensible Authentication Protocol \(EAP\))
-3.24 E(Application", RFC)212 372 Q(4072, August)5 E(2005.)5 E
([Diameter])102 396 Q(Calhoun, P)212 408 Q(., Loughne)-1.11 E 1.3 -.65
(y, J)-.15 H(., Guttman, E., Zorn, G., and J.).65 E(Arkk)5 E
(o, "Diameter Base)-.1 E(Protocol", RFC)212 420 Q(3588, September)5 E
(2003.)5 E([EAP-GPSK])102 444 Q(Clanc)212 456 Q 1.3 -.65(y, T)-.15 H 2.5
(.a)-.09 G(nd H. Tschofenig, "EAP Generalized Pre-Shared K)-2.5 E .3
-.15(ey \()-.25 H(EAP-GPSK\)",).15 E(draft-ietf-emu-eap-gpsk-05 \(w)212
468 Q(ork in progress\), April)-.1 E(2007.)5 E([I-D.ietf-eap-k)102 492 Q
-.15(ey)-.1 G(ing]).15 E
(Aboba, B., "Extensible Authentication Protocol \(EAP\) K)212 504 Q .3
-.15(ey M)-.25 H(anagement).15 E(Frame)212 516 Q -.1(wo)-.25 G
(rk", draft-ietf-eap-k).1 E -.15(ey)-.1 G(ing-18 \(w).15 E
(ork in progress\), February)-.1 E(2007.)5 E([I.D.W)102 540 Q
(ebauth-phishing])-.8 E(Hartman, S., "Requirements for W)212 552 Q
(eb Authentication Resistant to Phishing",)-.8 E
(draft-hartman-webauth-phishing-03 \(w)212 564 Q
(ork in progress\), March)-.1 E(2007.)5 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5
(ta)-2.5 G 143.305(l. Expires)-2.5 F(January 12, 2011)2.5 E([P)144.725 E
(age 18])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (18) 19
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E 10([MITM] Asokan,)102 84 R(N., Niemi, V)2.5 E
(., and K. Nyber)-1.29 E(g, "Man-in-the-Middle in T)-.18 E
(unneled Authentication)-.45 E(Protocols", IA)212 96 Q(CR ePrint Archi)
-.4 E 2.8 -.15(ve ,)-.25 H 2.5(October 2002.)2.65 F 2.5
([RAD-EAP] Aboba,)102 120 R(B. and P)2.5 E 2.5(.C)-1.11 G
(alhoun, "RADIUS \(Remote Authentication Dial In User Service\) Support)
-2.5 E -.15(Fo)212 132 S 2.5(rE).15 G
(xtensible Authentication Protocol \(EAP\)", RFC)-2.5 E(3579, September)
5 E(2003.)5 E 5([RADIUS] Rigne)102 156 R 1.3 -.65(y, C)-.15 H(., W).65 E
(illens, S., Rubens, A., and W)-.4 E 2.5(.S)-.92 G
(impson, "Remote Authentication Dial In User)-2.5 E
(Service \(RADIUS\)", RFC)212 168 Q(2865, June)5 E(2000.)5 E 2.5
([RFC4306] Kaufman,)102 192 R(C., "Internet K)2.5 E .3 -.15(ey E)-.25 H
(xchange \(IKEv2\) Protocol", RFC).15 E(4306, December)5 E(2005.)5 E 2.5
([TLS-PSK] Eronen,)102 216 R 2.22 -1.11(P. a)2.5 H
(nd H. Tschofenig, "Pre-Shared K)1.11 E .3 -.15(ey C)-.25 H
(iphersuites for T).15 E(ransport Layer Security)-.35 E(\(TLS\)", RFC)
212 228 Q(4279, December)5 E(2005.)5 E 5([TLS/IA] Funk,)102 252 R -1.11
(P.)2.5 G 2.5(,B)1.11 G(lak)-2.5 E(e-W)-.1 E
(ilson, S., Smith, H., Tschofenig, N., and T)-.4 E 2.5(.H)-.74 G
(ardjono, "TLS Inner Application)-2.5 E
(Extension \(TLS/IA\)", draft-funk-tls-inner)212 264 Q(-application-e)
-.2 E(xtension-03 \(w)-.15 E(ork in)-.1 E(progress\), June)212 276 Q
(2006.)5 E(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)
-2.5 F(January 12, 2011)2.5 E([P)144.725 E(age 19])-.15 E 0 Cg EP
PStoPSsaved restore
%%Page: (19) 20
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
0.000000 -28.346457 translate
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF 150.415(Internet-Draft EAP-in-TLS)72 48 R
(July 2010)169.275 E(Authors\264 Addresses)72 84 Q -1.1(Yo)102 108 S .4
-.2(av N)1.1 H(ir).2 E(Check Point Softw)102 120 Q(are T)-.1 E
(echnologies Ltd.)-.7 E 2.5(5H)102 132 S(asolelim st.)-2.5 E -.7(Te)102
144 S 2.5(lA).7 G(vi)-3.24 E 5(v6)-.25 G(7897)-5 E(Israel)102 156 Q
(Email: ynir@checkpoint.com)102 180 Q -1(Ya)102 216 S(ron Shef)1 E(fer)
-.25 E(Independent)102 228 Q(Email: yaronf.ietf@gmail.com)102 252 Q
(Hannes Tschofenig)102 288 Q(Nokia Siemens Netw)102 300 Q(orks)-.1 E
(Linnoitustie 6)102 312 Q 2.5(Espoo 02600)102 324 R(Finland)102 336 Q
(Phone: +358 \(50\) 4871445)102 360 Q(Email: Hannes.Tschofenig@gmx.net)
102 372 Q 5(URI: http://www)102 384 R(.tschofenig.pri)-.65 E -.65(v.)
-.25 G(at).65 E(Peter Gutmann)102 420 Q(Uni)102 432 Q -.15(ve)-.25 G
(rsity of Auckland).15 E(Department of Computer Science)102 444 Q(Ne)102
456 Q 2.5(wZ)-.25 G(ealand)-2.5 E(Email: pgut001@cs.auckland.ac.nz)102
480 Q(Nir)72 696 Q 2.5(,e)-.4 G 2.5(ta)-2.5 G 143.305(l. Expires)-2.5 F
(January 12, 2011)2.5 E([P)144.725 E(age 20])-.15 E 0 Cg EP
PStoPSsaved restore
%%Trailer
end
%%EOF
PAFTECH AB 2003-2026
2026-04-23 08:20:20