
[SECMECH] Re: I-D ACTION:draft-nystrom-eap-potp-04.txt



Dear All,

Internet-Drafts at ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title : The Protected One-Time Password Protocol (EAP-POTP)
Author(s) : M. Nystrom
Filename : draft-nystrom-eap-potp-04.txt
Pages : 84
Date : 2005-12-2

This document describes a general EAP method suitable for use with One-Time Password (OTP) tokens, and offers particular advantages for tokens with direct electronic interfaces to their associated clients. The method can be used to provide unilateral or mutual authentication, and key material, in protocols utilizing EAP, such as PPP, IEEE 802.1X and IKEv2.

A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-nystrom-eap-potp-04.txt

Changes compared to version -03 besides editorial clarifications and corrections include:

- Derivation of a special session resumption key (SRK) at the same time as
  derivation of other keys such as the EMSK and the MSK. This avoids some
  issues identified with the use of the EMSK as a basis for the SRK.

- Parameterization of the hash, encryption, and MAC algorithms through a
  new "Crypto Algorithm TLV". This is to allow for a transition to other
  algorithms in the future, should the default (mandated) set be regarded
  as inappropriate.

- Addition of a "Challenge TLV" for those cases where the challenge used
  in a challenge-response method otherwise would be unknown to the EAP
  server.

I would also like to point out that static passwords may be used with this EAP method too.

-- Magnus


_______________________________________________ SECMECH mailing list SECMECH at lists.ietf.org https://www1.ietf.org/mailman/listinfo/secmech