Extensible Authentication Protocol BOF (eap)

Wednesday, March 20 at 1530-1730
=================================

CHAIRS: Bernard Aboba
        John Vollbrecht

Description:

EAP (RFC 2284) is currently a work item of the PPPEXT WG, and is also
under consideration within the IPSRA WG (PIC) and PANA WGs. The goal of
this BOF is to discuss the creation of a working group to clarify the
EAP specification, and possibly to standardize additional EAP methods.
Backwards compatibility with RFC 2284 is an explicit goal.

Motivation:

While EAP is now in use for authentication within the PPP and IEEE 802
link layers, interoperability issues have arisen. RFC 2284 lacked a
protocol state machine, an IANA considerations section, and a complete
security considerations section. A number of ambiguities have also
arisen in RFC 2869 (RADIUS/EAP). The result of these ambiguities is
that EAP method developers may find that their methods do not
interoperate on all existing AAA servers, NASes, and clients.

In addition, EAP is now being deployed in environments (such as
wireless networks and use over the Internet) which make it vulnerable
to attack. This has led to proposals for improving the security of EAP.

The primary goal of this BOF is to understand the range of
interoperability and security issues encountered with RFC 2284, and
secondarily to understand the requirements for development of
additional EAP methods. EAP is currently a work item of the PPPEXT WG,
but depending on the volume of EAP work required, it may be appropriate
to form a separate WG focussing on EAP.

BoF Agenda

1. Scribe volunteer

2. Agenda bash

3. RFC 2284 interoperability issues
      draft-ietf-pppext-rfc2284bis-02.txt

4. EAP IANA Considerations
      draft-aboba-pppext-eap-iana-00.txt

5. EAP state machine
      draft-ietf-pppext-rfc2284bis-02.txt

6. EAP security considerations
      draft-ietf-pppext-rfc2284bis-02.txt
      draft-aboba-pppext-key-problem-00.txt

7. Requirements for additional EAP methods
      EAP dependencies of 802.11
      Requirement for cryptographic protection of EAP
         draft-ietf-ipsra-pic-05.txt
         draft-ietf-pppext-eap-ttls-00.txt
         draft-josefsson-pppext-eap-tls-eap-02.txt

8. Additional proposed EAP methods
      draft-ietf-pppext-eap-srp-04.txt
      draft-arkko-pppext-eap-aka-01.txt
      draft-haverinen-pppext-eap-sim-02.txt
      draft-salgarelli-pppext-eap-ske-00.txt

9. Charter bash

Background reading (required for BOF participants)

   RFC 2284 (EAP)
   RFC 2869 (EAP/RADIUS)
   draft-ietf-pppext-rfc2284bis-02.txt
   draft-aboba-pppext-eap-iana-00.txt
   draft-aboba-pppext-eap-vendor-00.txt
   draft-ietf-pppext-key-problem-01.txt
   draft-ietf-ipsra-pic-05.txt
   draft-ietf-pppext-eap-ttls-00.txt
   draft-ietf-josefsson-pppext-eap-tls-eap-02.txt

Strawman charter proposal

EAP Working Group (EAP)

Chair(s):
   This space for rent

Area Director(s):
   Thomas Narten
   Erik Nordmark

Security Advisors:
   Bill Arbaugh

Mailing Lists:
   General discussion: eap@frascone.com
   To subscribe: send a message with "subscribe" in the subject to
                 eap-request@frascone.com
   Archive: http://mail.frascone.com/pipermail/eap/

The EAP working group will restrict itself to the following short-term
work items in order to fully document and improve the interoperability
of the existing EAP protocol:

1. IANA considerations.
2. Threat model and security considerations.
3. EAP state machine.
4. Clarification and documentation of EAP keying issues
5. Documentation of interaction between EAP and other layers.
6. Resolution of interoperability issues.
7. Type space extension to support an expanded Type space.
8. EAP applicability statement
9. Update of RADIUS/EAP section of RFC 2869

Goals and Milestones

Jun 02  IANA considerations draft to RFC Editor.
Jun 02  EAP type extension section for RFC 2284bis.
Jun 02  EAP Security considerations section for RFC 2284bis.
Jun 02  EAP state machine section for RFC 2284bis.
Sep 02  RFC 2869bis published as Proposed Standard RFC.
Sep 02  RFC 2284bis published as Proposed Standard RFC.
Sep 02  EAP applicability statement published as Informational RFC.
Sep 02  EAP keying issues doc published as Informational RFC.