
From: Stuart Kerry, Chairman IEEE 802.11
To: Harald Alvestrand, Chairman IETF, IESG
Title: Input to IETF EAP Working Group on Methods and Key Strength
Purpose: For Information


Dear Harald,

We thank the IETF and the EAP WG for its ongoing work supporting the

specification of EAP methods, EAP keying, and RADIUS keying attributes.


The purpose of this letter is to provide the EAP WG with additional input

on (a) the EAP methods and credentials that are important to IEEE 802.11

wireless LAN deployments, and (b) IEEE 802.11i EAP Key Strength requirements.


EAP Methods and Credentials

Deployments of IEEE 802.11 WLANs today use several EAP methods, including

EAP-TLS, EAP-TTLS, PEAP and EAP-SIM. These methods support authentication

credentials that include digital certificates, usernames and passwords,

secure tokens, and SIM secrets.

The IEEE 802.11i draft specification requires that one or more published,

reviewed EAP methods are available which:

· Support the following credentials: digital certificates, user-names
and passwords, existing secure tokens, and mobile network credentials (GSM
and UMTS secrets).
· Generate keying material
· Support mutual authentication
· Are resistant to dictionary attacks, and
· Provide protection against man-in-the-middle attacks.

It is desirable that the EAP methods have the following attributes:

· Support fast resume
· Support end-user identity hiding
· Support for public/private key (without necessarily requiring
certificates)
· Provide asymmetric credential support (password on one side,
public/private key on the other), and
· Protect legacy credentials, such as passwords, from direct attack.

The current mandatory-to-implement EAP method is EAP-MD5. EAP-MD5 does not

meet IEEE 802.11's requirements. We request that the mandatory to implement

EAP methods be augmented to include one of the methods that IEEE 802.11 is

able to use.

Key Strength Requirements

IEEE 802.11i RSN networks will use IEEE 802.1X and EAP methods to implement

end user authentication, and require that these EAP methods provide keying

material. The IEEE 802.11i requirement is that

The EAP method must be capable of generating keying material with 128-bits

of effective key strength. Key material must be at least 256 bits in length.

Please contact Stuart Kerry, IEEE 802.11 Working Group Chair and David

Halasz, IEEE 802.11i Task Group Chair dhala@cisco.com with any questions,

and to discuss IETF follow-up.


Stuart Kerry