Internet DRAFT - draft-bersani-eap-sharedkeymethods-documentationtemplate
draft-bersani-eap-sharedkeymethods-documentationtemplate
INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004
Internet Draft Florent Bersani
File: draft-bersani-eap-sharedkeymethods- France Telecom R&D
doctemplate-00.txt
Expires: August 2004 March 2004
EAP shared key methods documentation template
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
This document proposes a template for authors of EAP methods that
rely on shared keys, to document their work.
Since EAP methods have proliferated but only 4 are currently
standardized and since no simple shared key EAP method seems to be
widely available to replace EAP-MD5 that has been deprecated for
security reasons, this template is the first step towards
standardizing such an EAP method.
This document is indeed intended to help gather information on the
existing related work before requesting that a new work item be
opened at IETF to standardize a replacement for EAP-MD5.
Bersani Expires – September 2004 [Page 1]
INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004
Table of Contents
1. Introduction..................................................3
1.1 Terminology................................................3
2. Documenting an EAP shared key method..........................4
2.1 Name of the method.........................................4
2.1.1 Full Name...........................................4
2.1.2 Short Name..........................................4
2.2 Authors of the method......................................4
2.3 Documents describing the method............................4
2.3.1 Latest documents....................................4
2.3.2 Old documents.......................................4
2.3.3 Other documents.....................................4
2.4 Status of the method.......................................5
2.4.1 Current status......................................5
2.4.2 Next steps..........................................5
2.5 IPR related to the method..................................5
2.6 Special infrastructure typically required by the method....5
2.7 Implementation availability................................5
2.7.1 Has the method been implemented?....................5
2.7.2 The different implementations available.............6
2.7.3 Has the method's implementation been field tested?..6
2.8 Security of the method.....................................6
2.8.1 The different cryptographic primitives used by the
method....................................................6
2.8.2 Compliance to [EAPbis] and [IEEE 802REQ] security
requirements..............................................6
2.8.3 Formal proofs backing up the security of the method.7
2.9 General properties of the method...........................7
2.9.1 Is the method up to date with the recent EAP WG
documents?................................................7
2.9.2 Specific design goals for the method................7
2.9.3 Specific features of the method.....................7
2.10 IANA status of the method.................................7
3. IANA considerations...........................................8
4. Security considerations.......................................8
5. Acknowledgements..............................................8
6. References....................................................8
7. Authors' Addresses............................................9
8. Full Copyright Statement......................................9
Bersani Expires – September 2004 [Page 2]
INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004
1. Introduction
At IETF 59, the EAP WG chairs gave a presentation on the status of
the different EAP methods, see [EAPMETHSTAT].
This document agrees with the conclusion of this presentation: there
are too many undocumented or non-standardized EAP methods. It
especially acknowledges the lack of the most basic shared key EAP
method that could replace EAP-MD5 that has been deprecated for
security reasons, see [EAPbis].
This document is an attempt to remedy this situation.
It is indeed intended to help gather information on existing work
that has been done on EAP shared key methods.
The compilation of this information will both serve as a motivation
to request that a new work item be opened at IETF to draft a standard
shared key method and as a way to set up a design team comprised of
people willing to help draft such a method (possibly including
authors of former shared key EAP methods).
This document is a template that needs to be filled in. Readers who
feel that they have proposed a shared key EAP method are kindly
requested to do so and send their input by e-mail to the author of
this document at the address indicated in section 7.
1.1 Terminology
Shared key : A shared key is a cryptographic key in the
symmetric setting (see [HAC]). It is merely a
sequence of binary digits of given length
that should have been chosen at random. A
shared key is sometimes referred to as a pre-
shared key to emphasize that is derived by
some out-of-band mechanism and that both
parties already share the key before starting
to communicate.
Special infrastructure: By special infrastructure, this document
means any additional infrastructure to the
basic EAP infrastructure comprised of a
standalone EAP peer and a standalone EAP
server. For example, the GSM Authentication
center which is typically (but not
necessarily) required by [EAP-SIM] is
considered to be special infrastructure, as
well as the token cards possibly used by, for
instance, [SecurID-EAP].
Bersani Expires – September 2004 [Page 3]
INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004
2. Documenting an EAP shared key method
2.1 Name of the method
2.1.1 Full Name
Please state below the full name of the method, e.g. for EAP-PSK (see
[EAP-PSK]): EAP Pre-Shared Key
2.1.2 Short Name
Please state below the short name of the method, e.g. for EAP-PSK:
EAP PSK
2.2 Authors of the method
Please state below the name and contact information of the authors of
your method, e.g., for EAP-PSK:
Florent Bersani
France Telecom R&D
38, rue du General Leclerc
92794 Issy Les Moulineaux Cedex 9
France
florent.bersani@francetelecom.com
2.3 Documents describing the method
If the readers filling in this template could send all the documents
they mention below attached with their answer (in addition to the
pointers they may provide), this would be most appreciated.
2.3.1 Latest documents
Please reference below the latest versions of the documents
describing the method and a way to get them, e.g. for EAP-PSK
draft-bersani-eap-psk-01.txt available at the following URL:
http://eappsk.chez.tiscali.fr/draft-bersani-eap-psk-01.txt
2.3.2 Old documents
Please reference below the old versions of the documents describing
the method and a way to get them, e.g. for EAP-PSK
draft-bersani-eap-psk-00.txt available at the following URL:
http://eappsk.chez.tiscali.fr/draft-bersani-eap-psk-00.txt
2.3.3 Other documents
Bersani Expires – September 2004 [Page 4]
INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004
Please reference below any other document that you think to be useful
for the understanding of your method, e.g. for EAP-PSK:
"EAP-PSK: a simple symmetric key EAP method", Bersani F.,
presentation made at IETF 59, available at the following URL:
http://www.arkko.com/publications/eap/ietf-59/ietf59_eap_psk.pdf
2.4 Status of the method
2.4.1 Current status
Please state below the current status of your method (stable, work in
progress, not maintained any more), e.g. for EAP-PSK: work in
progress.
2.4.2 Next steps
Please state below the intended next steps about your method, e.g.
for EAP-PSK, progress towards a stable version and merge to/replace
with a standard shared key EAP method
2.5 IPR related to the method
Please state below any patent pending or already granted that you are
aware of relating to your method (precision would be nice but you can
of course merely state that there some patents - pending or not -
related to your method), e.g. for EAP-PSK, to the best of its
author's knowledge, it is free of any IPR claims
2.6 Special infrastructure typically required by the method
Please state below any special infrastructure that would be typically
be required for your method to work properly, e.g. for EAP-PSK, no
special infrastructure is required whereas for EAP-SIM the GSM
infrastructure is typically required or for EAP-GTC (see [EAPbis]), a
token card is typically required.
2.7 Implementation availability
2.7.1 Has the method been implemented?
Please state below if you have implemented or knows somebody who has
implemented your method, e.g. for EAP-PSK, it has not (yet) been
implemented.
If your method has not been implemented or if future work is
scheduled for some reason, please state below your plans or plans you
are aware of regarding its implementation in the future, e.g. for
EAP-PSK, it is currently being implemented by Florent Bersani (see
Bersani Expires – September 2004 [Page 5]
INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004
contact address at the author of the method section) and the
implementation should be released by IETF 60.
2.7.2 The different implementations available
Please state below the different implementations of your method you
are aware of, the platforms corresponding to these implementations
and the software license status of these implementations, e.g. for
EAP-PSK, no implementation is currently available.
If there is work scheduled regarding the implementation of your
method that you are aware of, please state below, the different
implementations of your method that are planned, the platforms
corresponding to these implementations and the software license
status of these implementations, e.g. for EAP-PSK, a peer
implementation under Windows XP using Microsoft SDK is planned as
well as a server implementation for Freeradius. Both implementations
will be released as open source (probably under a GNU GPL license).
2.7.3 Has the method's implementation been field tested?
Please state below if you have been aware of any field
test/deployment of your method and please describe briefly these
tests/deployments (size, duration, results, etc.), e.g. for EAP-PSK,
there hasn't been any field test/deployment.
Please state below if you are aware of any future field
test/deployment of your method and please describe briefly these
tests/deployments (size, duration, points to be tested, etc.), e.g.
for EAP-PSK, there is a field deployment planned Q3 2004 for
approximately 500 hundred users during a trimester and since this
will be the first deployment, the tests will focus on user
experience, bandwidth and processing power consumption, unknown bugs,
etc.,
2.8 Security of the method
2.8.1 The different cryptographic primitives used by the method
Please state below the different cryptographic primitives used by
your method (block cipher, stream cipher, hash function), e.g. for
EAP-PSK, AES-128 is the sole cryptographic primitive that is used.
2.8.2 Compliance to [EAPbis] and [IEEE 802REQ] security requirements
Please state below the compliance status of your method regarding the
security requirements expressed in [EAPbis] and [IEEE 802REQ]
(complies, intends to comply, does not comply), e.g. for EAP-PSK, it
complies to both documents and intends to comply as they evolve.
Bersani Expires – September 2004 [Page 6]
INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004
2.8.3 Formal proofs backing up the security of the method
Please state below if the security techniques used in your method are
backed up by formal security proofs and if so, please provide
pointers to these proofs, e.g. for EAP-PSK the authentication is
backed by a security proof ([EAKD]) as well as the key derivation
([SOBMO]) and the protected channel part ([EAX])- however it should
be clear that expert review is needed to assess if indeed the
security proofs aforementioned apply to EAP-PSK, if the interfaces
between the different parts do not introduce any new vulnerability
and if no major security property is outside the coverage of the
security proofs.
2.9 General properties of the method
2.9.1 Is the method up to date with the recent EAP WG documents?
Please state below if your method is up to date (features,
terminology, ...) with the recent EAP WG documents ([EAPbis] and
[EKMF]), e.g. EAP-PSK was up to date with these documents in the
beginning of February 2004.
2.9.2 Specific design goals for the method
Please state below the different design goals that were considered
while drafting your method, e.g. for EAP-PSK, design goals were:
o Simplicity: It should be easy to implement and to deploy without
any pre-existing infrastructure.
o Wide applicability: It should be possible to use this method to
authenticate over any network. In particular, it should be
suitable for [IEEE 802.11] wireless LANs and comply to [IEEE
802REQ]
o Security: It should be conservative in its cryptographic design
and enjoy security proofs
o Extensibility: It should be possible to add to this method the
required extensions as their need appears
o Patent-avoidance: It should be free of any Intellectual Property
Right claims
2.9.3 Specific features of the method
Please state below the specific features of your method you would
like to highlight, e.g. for EAP-PSK, it provides a protected channel
after a successful authentication for the server and the peer to
communicate over.
2.10 IANA status of the method
Bersani Expires – September 2004 [Page 7]
INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004
Please state below if your method has been allocated a PPP EAP type
by IANA and if so, please state that number.
3. IANA considerations
This document does not introduce any new IANA consideration.
4. Security considerations
This document does not introduce any new security issue for the
Internet.
5. Acknowledgements
Many thanks to Laurent Butti, Aurelien Magniez and Olivier Charles
for their feedback on this draft.
Many thanks to the EAP WG chairs, Jari Arkko and Bernard Aboba, for
motivating me to do this work.
6. References
[EAKD] Bellare, M, and P. Rogaway, "Entity Authentication and
Key Distribution", CRYPTO 93, LNCS 773, pp232-249,
Springer-Verlag, Berlin, 1994.
[EAPbis] Blunk, L. et al., "Extensible Authentication Protocol
(EAP)", Internet-Draft (work in progress), February
2004, http://ietf.levkowetz.com/drafts/eap/rfc2284bis/
draft-ietf-eap-rfc2284bis-09.txt
[EAPMETHSTAT] Arkko, J. and Aboba, B., "EAP WG Methods update",
http://www.arkko.com/publications/eap/ietf-
59/ietf59_eap_methstatus.ppt
[EAP-PSK] Bersani, F., "The EAP-PSK protocol", Internet-Draft
(work in progress), February 2004,
draft-bersani-eap-psk-01.txt
[EAP-SIM] Haverinen, H. Salowey, J., "EAP SIM Authentication",
Internet-Draft (work in progress),October 2003, draft-
haverinen-pppext-eap-sim-12.txt
[EAX] Bellare, M. et al., "The EAX mode of operation",
January 2004,
http://www.cs.ucsd.edu/users/mihir/papers/eax.pdf
[EKMF] Aboba, B. et al., "EAP Key Management Framework",
Internet-Draft (work in progress), October 2003, draft-
ietf-eap-keying-01.txt
Bersani Expires – September 2004 [Page 8]
INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004
[HAC] Menezes, A. et al., “Handbook of Applied Cryptography”,
CRC Press, 1996.
[IEEE 802REQ] Stanley, Dorothy et al., “EAP Method Requirements for
Wireless LANs”, Internet-Draft (work in progress),
January 2004, draft-walker-ieee802-req-00.txt
[IEEE 802.11] Institute of Electrical and Electronics Engineers,
"Information Technology - Telecommunications and
Information Exchange between Systems - Local and
Metropolitan Area Network - Specific Requirements –
Part 11: Wireless LAN Medium Access Control (MAC) and
Physical Layer (PHY) Specifications", IEEE Standard
802.11
[SecurID-EAP] Josefsson S., "The EAP SecurID(r) Mechanism", Internet-
Draft (work in progress), February 2002,
draft-josefsson-eap-securid
[SOBMMO] Gilbert, H., “The Security of One-Block-to-Many Modes
of Operation”, Fast Software Encryption, FSE 2003,
LNCS, Springer-Verlag.
7. Authors' Addresses
Florent Bersani florent.bersani@francetelecom.com
France Telecom R&D
38, rue du General Leclerc
92794 Issy Les Moulineaux Cedex 9
France
8. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
Bersani Expires – September 2004 [Page 9]
INTERNET-DRAFT EAP Shared Key Meth. Doc. Templ. March 2004
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
Bersani Expires – September 2004 [Page 10]