
Input to IETF EAP Working Group on Methods and Key Strength (fwd)




---------- Forwarded message ----------
Date: Sat, 29 Mar 2003 11:49:55 -0500
From: David Halasz <dhala@cisco.com>
To: chair@ietf, harald@alvestrand.no
Cc: stuart.kerry@philips.com, erik.nordmark@sun.com, narten@us.ibm.com,
     aboba@internaut.com, jari.arkko@ericsson.com, waa@dsl.cis.upenn.edu,
     dstanley@agere.com
Subject: Input to IETF EAP Working Group on Methods and Key Strength

Sent on behalf of Stuart Kerry, IEEE 802.11 Working group Chair.

From: Stuart Kerry, Chairman IEEE 802.11
To: Harald Alvestrand, Chairman IETF, IESG
Title: Input to IETF EAP Working Group on Methods and Key Strength
Purpose: For Information


Dear Harald,

We thank the IETF and the EAP WG for its ongoing work supporting the
specification of EAP methods, EAP keying, and RADIUS keying attributes.

The purpose of this letter is to provide the EAP WG with additional input
on (a) the EAP methods and credentials that are important to IEEE 802.11
wireless LAN deployments, and (b) IEEE 802.11i EAP Key Strength requirements.

EAP Methods and Credentials

Deployments of IEEE 802.11 WLANs today use several EAP methods, including
EAP-TLS, EAP-TTLS, PEAP and EAP-SIM. These methods support authentication
credentials that include digital certificates, usernames and passwords,
secure tokens, and SIM secrets.

The IEEE 802.11i draft specification requires that one or more published,
reviewed EAP methods are available which:
· Support the following credentials: digital certificates, user-names
  and passwords, existing secure tokens, and mobile network credentials
  (GSM and UMTS secrets).
· Generate keying material
· Support mutual authentication
· Are resistant to dictionary attacks, and
· Provide protection against man-in-the-middle attacks.

It is desirable that the EAP methods have the following attributes:
· Support fast resume
· Support end-user identity hiding
· Support for public/private key (without necessarily requiring
  certificates)
· Provide asymmetric credential support (password on one side,
  public/private key on the other), and
· Protect legacy credentials, such as passwords, from direct attack.

The current mandatory-to-implement EAP method is EAP-MD5. EAP-MD5 does not
meet IEEE 802.11’s requirements. We request that the mandatory-to-implement
EAP methods be augmented to include one of the methods that IEEE 802.11 is
able to use.

Key Strength Requirements

IEEE 802.11i RSN networks will use IEEE 802.1X and EAP methods to implement
end user authentication, and require that these EAP methods provide keying
material. The IEEE 802.11i requirement is that:

    The EAP method must be capable of generating keying material with
    128 bits of effective key strength. Key material must be at least
    256 bits in length.



Please contact Stuart Kerry, IEEE 802.11 Working Group Chair and David
Halasz, IEEE 802.11i Task Group Chair (dhala@cisco.com), with any questions,
and to discuss IETF follow-up.


Stuart Kerry


Dave Halasz
Cisco Systems, Inc.
320 Springside Drive
Akron, OH  44333