EAP Method Update BOF (emu)

xxxxxxxx, November x at xxxx-xxxx
=================================

CHAIRS: Jari Arkko (jari.arkko@piuha.net)
        Joe Salowey (jsalowey@cisco.com)

DESCRIPTION:

The Extensible Authentication Protocol (EAP), defined in RFC 3748, is a 
network access authentication framework used in PPP, IEEE 802.11, 
IEEE 802.16, VPNs, PANA, and some functions of 3G networks. EAP itself 
is a simple protocol; the actual authentication happens in so-called 
EAP methods.

Over 40 different EAP methods exist, including many undocumented and 
proprietary ones. Only a few methods are documented in RFCs, and out of 
these, the methods listed in the original EAP RFC are no longer 
applicable in today's environments. For instance, none of the EAP 
methods that are applicable in a wireless environment are in Standards 
Track RFCs. This poses a problem for, among other things, the selection 
of a mandatory-to-implement EAP method in new network access technologies.

Some methods have been defined in Internet-Drafts, many of which have 
expired or have not been updated to reflect the actual behavior of the 
deployed protocols.

The lack of documented, open specifications is a deployment and 
interoperability problem. In addition, new requirements such as those 
posed by wireless environments are creating needs that are currently not 
well matched by existing methods. For instance, RFC 4017 documents IEEE 
802.11 requirements for EAP methods. Currently, there are only a few EAP 
methods that satisfy the mandatory requirements listed in this document, 
and there are no methods that satisfy all requirements. Some proposals 
for such methods exist, however.

Finally, there are authentication mechanism types that are not supported 
by existing RFCs. For instance, there is no widely applicable method 
that would be able to authenticate using shared secrets in a wireless 
environment.

The purpose of this BoF is to continue the work started in the EAP WG 
and in the SECMECH BOF, in a manner focused on a few key EAP method needs. 
One immediate goal is to bring existing widely deployed EAP methods such 
as EAP-TLS (RFC 2716) to Proposed Standard with clarifications learned
during deployment. Another goal is to standardize additional mechanisms to 
match the current requirements.

The BoF should have an organized discussion of which specific needs the 
community sees as worthwhile pursuing, and of the specific technical 
solutions.

The potential work items of the group include

1. Revision of EAP-TLS, to be placed on the standards track.  The primary 
goal of this would be to bring the specification up to date, clarify 
unclear issues, etc. A standards track specification would also enable the 
consideration of EAP-TLS as a mandatory requirement in other Proposed
Standard specifications.

Note that there are limitations in current implementations which may need 
to be considered during this update. Similarly, the existing EAP-TLS
specification may not accommodate all types of extensions in a backwards 
compatible manner. For instance, there may be issues in adding channel 
binding support or the use of new TLS mechanisms such as TLS-PSK when run 
against RFC 2716 compliant devices. These issues shall be investigated 
and clarified; the revised EAP-TLS must be backwards compatible with 
existing deployments.

2. Shared Secret - a pre-shared secret method. This is likely to be 
widely deployed if available, and another likely candidate to be referred 
to by other Proposed Standard specifications. Desired by IEEE 802.11.

3. Password based - essentially a shared secret mechanism that provides 
resistance to dictionary attacks. It should support various backend 
password databases that use different storage techniques, and perhaps 
one-time tokens as well. Could use something related to EKE 
or a tunneling approach. Desired by IEEE 802.11, and would likely be 
widely deployed if available.

4. One time passwords - a secure one-time-password-based mechanism that 
can provide keying material.

5. Tunneling - a tunneling method is useful to protect weaker 
authentication mechanisms. Tunneling methods are also used to exchange 
other types of authentication data.

6. Channel binding support - it has been suggested that new methods 
should have an ability to authenticate identifiers claimed by NASes, so 
that a NAS cannot present one identity to the peer and another to the 
AAA server. But it has also been suggested that backwards compatible 
extensions to do this in a few commonly used current methods should be 
developed for security reasons.

Similarly, to retain EAP method and media independence, it may be 
necessary to have a coordinated approach or even a common channel 
binding data format shared between different methods.

7. Enrollment mechanisms - methods to automatically enroll clients in 
wireless environments.

However, this list should not be taken as a proposal but rather as a 
template that can be used to determine community consensus on which of 
the items are worthwhile. It is certainly impossible to take on ALL of 
the above tasks, so a set of 3-4 priority tasks needs to be determined. 
There may also be IPR, complexity, or existing deployment concerns that 
make it undesirable to take on work for a specific item.
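The following is an added illustration of the channel binding idea in 
item 6 above; it is not code from this BoF, from any of the drafts in the 
reading list, or from any EAP method specification. It assumes a 
hypothetical construction: after the method has derived a shared key, 
each end encodes the NAS parameters it observed (NAS identifier, SSID) 
into a canonical byte string, the peer sends an HMAC over that string, and 
the server recomputes the HMAC over the parameters the NAS reported to it. 
The key derivation, the parameter names and the sample values are all 
constructed for the demo.

```python
"""Illustrative EAP channel binding check (added example, hypothetical
construction; not from any EAP draft or RFC).

A NAS sits between the EAP peer and the AAA server. Without channel
binding, the NAS can advertise one identity to the peer (e.g. the SSID
and NAS-Identifier the client sees) and report another to the server,
and neither end can notice, because the method only authenticates peer
and server to each other.
"""
import hashlib
import hmac
import os
from typing import Dict


def derive_key(psk: bytes, peer_nonce: bytes, server_nonce: bytes) -> bytes:
    # Stand-in for a method's key derivation (assumed for this demo only):
    # HMAC-SHA256 over a label and both nonces, keyed with the shared secret.
    return hmac.new(psk, b"demo-key" + peer_nonce + server_nonce,
                    hashlib.sha256).digest()


def encode_binding(params: Dict[str, str]) -> bytes:
    # Canonical, unambiguous encoding: sorted keys, 2-byte length prefix on
    # every field, so {"a": "bc"} and {"ab": "c"} cannot produce the same bytes.
    out = b""
    for key in sorted(params):
        kb, vb = key.encode(), params[key].encode()
        out += len(kb).to_bytes(2, "big") + kb
        out += len(vb).to_bytes(2, "big") + vb
    return out


def binding_mac(key: bytes, params: Dict[str, str]) -> bytes:
    # MAC over the NAS parameters, keyed with the method-derived key, so only
    # a party holding the key can produce it and it is bound to this session.
    return hmac.new(key, b"channel-binding" + encode_binding(params),
                    hashlib.sha256).digest()


def server_verify(key: bytes, peer_mac: bytes,
                  nas_reported: Dict[str, str]) -> bool:
    # The server recomputes the MAC over what the NAS told *it* and compares
    # in constant time; a mismatch means the two views of the NAS differ.
    return hmac.compare_digest(peer_mac, binding_mac(key, nas_reported))


def run_exchange(psk: bytes, seen_by_peer: Dict[str, str],
                 reported_to_server: Dict[str, str]) -> bool:
    # Simulate one session: both ends derive the same key from the nonces,
    # the peer MACs its view of the NAS, the server checks it against its own.
    peer_nonce, server_nonce = os.urandom(16), os.urandom(16)
    k_peer = derive_key(psk, peer_nonce, server_nonce)
    k_server = derive_key(psk, peer_nonce, server_nonce)
    mac = binding_mac(k_peer, seen_by_peer)
    return server_verify(k_server, mac, reported_to_server)


if __name__ == "__main__":
    # Constructed sample values.
    psk = b"constructed-demo-psk"
    honest = {"nas-id": "ap-17.example.net", "ssid": "corpnet"}
    # A NAS that advertises a different SSID to the client than the one it
    # is registered with at the AAA server.
    lying = {"nas-id": "ap-17.example.net", "ssid": "corpnet-guest"}
    print("consistent NAS:", run_exchange(psk, honest, honest))
    print("lying NAS:     ", run_exchange(psk, lying, honest))
```

The check only detects a disagreement between the two ends' views; it 
still relies on the AAA server knowing the NAS's genuine identity through 
its own security association with the NAS, and on both ends agreeing on 
which parameters are bound, which is why item 6 raises a common data 
format across methods.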

Although the GUAM work is not a subject of the current BOF, the group's 
charter may later be extended to cover GUAM work discussed in the 
SECMECH BOF in IETF-63. This requires an explicit rechartering, however.

The creation of this group does not affect existing procedures for IANA 
allocation of EAP method type numbers, or the publication of individual 
submissions documenting EAP methods as RFCs.


AGENDA:

o Background and relation to past SECMECH BOF and EAP WG work 
  (Sam Hartman, 5 min)

o EAP methods market situation (chairs, 5 min)

o EAP methods technical requirements (tbd, 10 min)

o Security AD's requirements for new methods (Russ Housley, 10 min)

o EAP methods, SDO requirements (Aboba, 10 min)

o EAP TLS issues and limitations (Aboba, 15 min)

o Shared secret methods (tbd, 15 min)

o Overview of other proposed methods (Eronen, 15 min)

o Channel binding approaches (Eronen, 15 min)

o Proposed charter (chairs, 15 min)

o Discussion (40 min)

READING LIST:

RFC 3748. Extensible Authentication Protocol (EAP). B. Aboba,
L. Blunk, J. Vollbrecht, J. Carlson, H. Levkowetz, Ed. June 2004.

RFC 2716. PPP EAP TLS Authentication Protocol. B. Aboba,
D. Simon. October 1999.

RFC 4017. Extensible Authentication Protocol (EAP) Method
Requirements for Wireless LANs. D. Stanley, J. Walker,
B. Aboba. March 2005.

"EAP IKEv2 Method (EAP-IKEv2)", Hannes Tschofenig,
20-Jul-05, <draft-tschofenig-eap-ikev2-07.txt>

"The EAP-PSK Protocol: a Pre-Shared Key EAP Method",
Hannes Tschofenig, Florent Bersani, 10-Aug-05,
<draft-bersani-eap-psk-09.txt>

"EAP Flexible Authentication via Secure Tunneling
(EAP-FAST)", Joseph Salowey, 25-Apr-05,
<draft-cam-winget-eap-fast-02.txt>

"EAP Password Authenticated Exchange", Charles Clancy,
William Arbaugh, 6-Jun-05, <draft-clancy-eap-pax-04.txt>

"The EAP-SKL protocol", Thomas Otto, 1-Aug-05,
<draft-otto-eap-skl-02.txt>

"The Protected One-Time Password Protocol (EAP-POTP)",
Magnus Nystrom, 5-Jul-05, <draft-nystrom-eap-potp-02.txt>

"Dynamic Provisioning using EAP-FAST", Nancy Cam-Winget,
19-Jul-05,
<draft-cam-winget-eap-fast-provisioning-01.txt>

"Authenticated Service Information for the Extensible
Authentication Protocol (EAP)", Jari Arkko, Pasi Eronen,
20-Jul-05, <draft-arkko-eap-service-identity-auth-03.txt>

"An Extensible Authentication Protocol (EAP) Enrollment
Method", Rohan Mahy, 13-Jul-05,
<draft-mahy-eap-enrollment-00.txt>

"AAA-Key Derivation with Lower-Layer Parameter Binding",
Mayumi Yanagiya, Yoshihiro Ohba, 1-Jul-05,
<draft-ohba-eap-aaakey-binding-01.txt>