[Emu] EMU charter update

["Joseph Salowey (jsalowey)" <jsalowey at cisco.com>]

Below is a draft of the EMU charter that reflects discussions we had at
IETF 70.  Please review this and send comments.  I would like to have
comments in by January 23, 2008.

Thanks,

Joe  

Description of Working Group:
The Extensible Authentication Protocol (EAP) [RFC 3748] is a network
access authentication framework used in the PPP, 802.11, 802.16, VPN,
PANA, and in some functions in 3G networks. EAP itself is a simple
protocol and actual authentication happens in EAP methods.

Over 40 different EAP methods exist. Most of these methods are
proprietary methods and only a few methods are documented in RFCs. The
lack of documented, open specifications is a deployment and
interoperability problem. In addition, none of the EAP methods in the
standards track implement features such as key derivation that are
required for many modern applications. This poses a problem for, among
other things, the selection of a mandatory to implement EAP method in
new network access technologies. For example, no standards track methods
meet new requirements such as those posed in RFC 4017, which documents
IEEE 802.11 requirements for EAP methods.

This group is chartered to work on the following types of mechanisms to
meet RFC 3748 and RFC 4017 requirements:

- An update to RFC 2716 to bring EAP-TLS into standards track, clarify
specification, interoperability, and implementation issues gathered over
the years, and update the document to meet the requirements of RFC 3748,
RFC 4017, and EAP keying framework documents. Backwards compatibility
with RFC 2716 is a requirement.

- A mechanism based on strong shared secrets that meets RFC 3748 and RFC
4017 requirements. This mechanism should strive to be simple and compact
for implementation in resource constrained environments.

- A mechanism to support extensible communication within a TLS protected
tunnel that meets RFC 3748 and RFC 4017 requirements. This mechanism
must 
support channel bindings in order to meet RFC 4962 requirements. 
This mechanism will support meeting the requirements of an enhanced TLS
mechanism, a password based authentication mechanism, and  
additional inner authentication mechanisms.

- Enable a TLS-based EAP method to support channel bindings. So as to 
enable RFC 2716bis to focus solely on clarifications to the existing 
protocol, this effort will be handled in a separate document.  This item
will not generate a new method, rather it will enhance EAP-TLS or the 
TLS based tunnel method.  

- A mechanism meeting RFC 3748 and RFC 4017 requirements that makes use
of existing password databases such as AAA databases.  This
item will be based on the above tunnel method.

Goals and Milestones:
Done	  	Form design team to work on strong shared secret
mechanism
Done	  	Submit 2716bis I-D
Done	  	Submit first draft of shared secret mechanism I-D
Done	  	Form password based mechanism design team
Done		Submit 2716bis draft to IESG for Proposed Standard
Jan 2008	Submit Strong Shared Secret Mechanism to IESG
Mar 2008 	Submit Tunnel and Password Method requirements first
draft
Jun 2008 	Send Tunnel and Password Method requirements to IESG
Sep 2008 	Submit Tunnel Method first draft
Oct 2008    Submit TLS based method channel binding first draft
Oct 2008 	Submit Password Method first draft
Jan 2009	Send Tunnel Method to IESG
Apr 2009	Send TLS based method channel binding to IESG
Apr 2009	Send Password based method to IESG


_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu