
Emu Status Pages

EAP Method Update (Active WG)
Sec Area: Eric Rescorla, Benjamin Kaduk | 2006-Jan-20 — 2014-May-12 

2018-07-20 charter

EAP Method Update (emu)
-----------------------

 Charter

 Current Status: Active

 Chairs:
     Joseph A. Salowey <joe@salowey.net>
     Mohit Sethi <mohit.m.sethi@ericsson.com>

 Security Area Directors:
     Benjamin Kaduk <kaduk@mit.edu>
     Eric Rescorla <ekr@rtfm.com>

 Security Area Advisor:
     Eric Rescorla <ekr@rtfm.com>

 Mailing Lists:
     General Discussion: emu@ietf.org
     To Subscribe:       https://www.ietf.org/mailman/listinfo/emu
     Archive:            https://mailarchive.ietf.org/arch/search/?email_list=emu

Description of Working Group:

  The Extensible Authentication Protocol (EAP) [RFC 3748] is a network
  access authentication framework used, for instance, in 802.11 and VPN
  networks and mobile networks. EAP itself is a simple
  protocol and actual authentication happens in EAP methods.

  Over 50 different EAP methods exist, including several methods
  developed in the IETF, and support for EAP exists in a broad set
  of different devices. Previous larger EAP-related efforts at the
  IETF included rewriting the base EAP protocol documentation and
  the development of several standards track EAP methods.

  EAP methods are generally based on other existing security
  technologies, such as TLS, SIM cards, and various algorithms.
  Some of these technologies continue to evolve. The
  understanding of security threats in today's Internet evolves as
  well, which has driven some of the evolution in these underlying
  technologies. At the same time, some new use cases for EAP have
  been identified, such as broader use of EAP in mobile network
  authentication.

  This working group has been chartered to provide updates to some
  commonly used EAP methods. Specifically, the working group shall
  produce documents to:

     - Provide guidance or an update to enable the use of TLS 1.3 in the
       context of EAP TLS (RFC 5216). Update the security
       considerations relating to EAP TLS, to document the implications
       of using new vs. old TLS versions, any recently gained new
       knowledge on vulnerabilities, and the possible implications of
       pervasive surveillance.

     - Update the EAP-AKA' specification (RFC 5448) to ensure that its
       capability to provide a cryptographic binding to network context
       stays in sync with any updates that may come to the referenced 3GPP
       specifications through the use of EAP in 5G.

       Also, the group should document any recently gained new
       knowledge on vulnerabilities or the possible implications of
       pervasive surveillance or other new concerns.

     - Define session identifiers for fast re-authentication for
       EAP-SIM, EAP-AKA, and EAP-AKA'. The lack of this definition
       is a recently discovered bug in the original RFCs.

     - Develop an extension to EAP-AKA' such that Perfect Forward Secrecy
       can be provided. There may also be privacy improvements that
       have become feasible with the introduction of recent identity
       privacy improvements in 3GPP networks.

     - Gather experience regarding the use of large certificate and
       certificate chain sizes in the context of EAP-TLS (all versions),
       as some implementations and access networks may limit the
       number of EAP packet exchanges that can be handled.
       Document operational recommendations or other mitigation
       strategies to avoid issues.

  In all of the above, it is a requirement that none of the updates
  break backwards compatibility with existing specifications or
  implementations. The current EAP-TLS RFCs will not be obsoleted but
  rather updated with either new information or instructions on
  what is needed, for instance, to employ a new TLS version.

  The working group is expected to stay in close collaboration with
  the EAP deployment community, the TLS working group (for EAP-TLS
  work), and the 3GPP security architecture group (for EAP-AKA'
  work).

Goals and Milestones:
  Mar 2018 - Working Group Established
  Apr 2018 - WG adopts initial draft on guidance for EAP TLS with TLS 1.3
  Apr 2018 - WG adopts initial draft on EAP-AKA update, RFC5448-bis, including definition of session identifiers for fast re-authentication for EAP-AKA'
  Sep 2018 - WG last call on EAP-AKA update, RFC5448-bis
  Oct 2018 - WG adopts initial draft on extension to EAP-AKA to support forward secrecy
  Oct 2018 - WG adopts initial draft on definition of session identifiers for fast re-authentication for EAP-SIM and EAP-AKA
  Nov 2018 - WG last call on guidance for EAP TLS with TLS 1.3
  Dec 2018 - WG adopts initial draft on operational recommendations for large certificate and chain sizes
  Jan 2019 - WG last call on definition of session identifiers for fast re-authentication in EAP-SIM and EAP-AKA
  Feb 2019 - WG last call on extension to EAP-AKA to support forward secrecy
  May 2019 - WG last call on operational recommendations for large certificate and chain sizes


Generated from PyHt script /wg/emu/charters.pyht. Latest update: 24 Oct 2012 16:51 GMT