| < draft-nir-tls-eap-04.txt | draft-nir-tls-eap-05.txt > | |||
|---|---|---|---|---|
| TLS Working Group Y. Nir | TLS Working Group Y. Nir | |||
| Internet-Draft Y. Sheffer | Internet-Draft Y. Sheffer | |||
| Intended status: Standards Track Check Point | Intended status: Standards Track Check Point | |||
| Expires: January 9, 2009 H. Tschofenig | Expires: October 22, 2009 H. Tschofenig | |||
| NSN | NSN | |||
| P. Gutmann | P. Gutmann | |||
| University of Auckland | University of Auckland | |||
| July 8, 2008 | April 20, 2009 | |||
| TLS using EAP Authentication | TLS using EAP Authentication | |||
| draft-nir-tls-eap-04.txt | draft-nir-tls-eap-05.txt | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | This Internet-Draft is submitted to IETF in full conformance with the | |||
| applicable patent or other IPR claims of which he or she is aware | provisions of BCP 78 and BCP 79. | |||
| have been or will be disclosed, and any of which he or she becomes | ||||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | ||||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on January 9, 2009. | This Internet-Draft will expire on October 22, 2009. | |||
| Copyright Notice | ||||
| Copyright (c) 2009 IETF Trust and the persons identified as the | ||||
| document authors. All rights reserved. | ||||
| This document is subject to BCP 78 and the IETF Trust's Legal | ||||
| Provisions Relating to IETF Documents in effect on the date of | ||||
| publication of this document (http://trustee.ietf.org/license-info). | ||||
| Please review these documents carefully, as they describe your rights | ||||
| and restrictions with respect to this document. | ||||
| Abstract | Abstract | |||
| This document describes an extension to the TLS protocol to allow TLS | This document describes an extension to the TLS protocol to allow TLS | |||
| clients to authenticate with legacy credentials using the Extensible | clients to authenticate with legacy credentials using the Extensible | |||
| Authentication Protocol (EAP). | Authentication Protocol (EAP). | |||
| This work follows the example of IKEv2, where EAP has been added to | This work follows the example of IKEv2, where EAP has been added to | |||
| the IKEv2 protocol to allow clients to use different credentials such | the IKEv2 protocol to allow clients to use different credentials such | |||
| as passwords, token cards, and shared secrets. | as passwords, token cards, and shared secrets. | |||
| skipping to change at page 3, line 34 ¶ | skipping to change at page 4, line 4 ¶ | |||
| 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 | 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 9. Changes from Previous Versions . . . . . . . . . . . . . . . . 16 | 9. Changes from Previous Versions . . . . . . . . . . . . . . . . 16 | |||
| 9.1. Changes in version -02 . . . . . . . . . . . . . . . . . . 16 | 9.1. Changes in version -02 . . . . . . . . . . . . . . . . . . 16 | |||
| 9.2. Changes in version -01 . . . . . . . . . . . . . . . . . . 16 | 9.2. Changes in version -01 . . . . . . . . . . . . . . . . . . 16 | |||
| 9.3. Changes from the protocol model draft . . . . . . . . . . 16 | 9.3. Changes from the protocol model draft . . . . . . . . . . 16 | |||
| 10. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 17 | 10. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . . 18 | 11.1. Normative References . . . . . . . . . . . . . . . . . . . 18 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . . 18 | 11.2. Informative References . . . . . . . . . . . . . . . . . . 18 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| Intellectual Property and Copyright Statements . . . . . . . . . . 21 | ||||
| 1. Introduction | 1. Introduction | |||
| This document describes a new extension to [TLS]. This extension | This document describes a new extension to [TLS]. This extension | |||
| allows a TLS client to authenticate using [EAP] instead of performing | allows a TLS client to authenticate using [EAP] instead of performing | |||
| the authentication at the application level. The extension follows | the authentication at the application level. The extension follows | |||
| [TLS-EXT]. For the remainder of this document we will refer to this | [TLS-EXT]. For the remainder of this document we will refer to this | |||
| extension as TEE (TLS with EAP Extension). | extension as TEE (TLS with EAP Extension). | |||
| TEE extends the TLS handshake beyond the regular setup, to allow the | TEE extends the TLS handshake beyond the regular setup, to allow the | |||
| skipping to change at page 21, line 4 ¶ | skipping to change at line 677 ¶ | |||
| Phone: +358 (50) 4871445 | Phone: +358 (50) 4871445 | |||
| Email: Hannes.Tschofenig@gmx.net | Email: Hannes.Tschofenig@gmx.net | |||
| URI: http://www.tschofenig.priv.at | URI: http://www.tschofenig.priv.at | |||
| Peter Gutmann | Peter Gutmann | |||
| University of Auckland | University of Auckland | |||
| Department of Computer Science | Department of Computer Science | |||
| New Zealand | New Zealand | |||
| Email: pgut001@cs.auckland.ac.nz | Email: pgut001@cs.auckland.ac.nz | |||
| Full Copyright Statement | ||||
| Copyright (C) The IETF Trust (2008). | ||||
| This document is subject to the rights, licenses and restrictions | ||||
| contained in BCP 78, and except as set forth therein, the authors | ||||
| retain all their rights. | ||||
| This document and the information contained herein are provided on an | ||||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | ||||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | ||||
| THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | ||||
| OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | ||||
| THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | ||||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
| Intellectual Property | ||||
| The IETF takes no position regarding the validity or scope of any | ||||
| Intellectual Property Rights or other rights that might be claimed to | ||||
| pertain to the implementation or use of the technology described in | ||||
| this document or the extent to which any license under such rights | ||||
| might or might not be available; nor does it represent that it has | ||||
| made any independent effort to identify any such rights. Information | ||||
| on the procedures with respect to rights in RFC documents can be | ||||
| found in BCP 78 and BCP 79. | ||||
| Copies of IPR disclosures made to the IETF Secretariat and any | ||||
| assurances of licenses to be made available, or the result of an | ||||
| attempt made to obtain a general license or permission for the use of | ||||
| such proprietary rights by implementers or users of this | ||||
| specification can be obtained from the IETF on-line IPR repository at | ||||
| http://www.ietf.org/ipr. | ||||
| The IETF invites any interested party to bring to its attention any | ||||
| copyrights, patents or patent applications, or other proprietary | ||||
| rights that may cover technology that may be required to implement | ||||
| this standard. Please address the information to the IETF at | ||||
| ietf-ipr@ietf.org. | ||||
| End of changes. 7 change blocks. | ||||
| 9 lines changed or deleted | 17 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||