| < draft-walker-ieee802-req-03.txt | draft-walker-ieee802-req-04.txt > | |||
|---|---|---|---|---|
| Network Working Group Dorothy Stanley | Network Working Group Dorothy Stanley | |||
| INTERNET-DRAFT Agere | INTERNET-DRAFT Agere | |||
| Category: Informational Jesse Walker | Category: Informational Jesse Walker | |||
| <draft-walker-ieee802-req-03.txt> Intel Corporation | <draft-walker-ieee802-req-04.txt> Intel Corporation | |||
| 7 August 2004 Bernard Aboba | 10 August 2004 Bernard Aboba | |||
| Microsoft Corporation | Microsoft Corporation | |||
| EAP Method Requirements for Wireless LANs | EAP Method Requirements for Wireless LANs | |||
| By submitting this Internet-Draft, I certify that any applicable | By submitting this Internet-Draft, I certify that any applicable | |||
| patent or other IPR claims of which I am aware have been disclosed, | patent or other IPR claims of which I am aware have been disclosed, | |||
| and any of which I become aware will be disclosed, in accordance with | and any of which I become aware will be disclosed, in accordance with | |||
| RFC 3668. | RFC 3668. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| skipping to change at page 7, line 36 ¶ | skipping to change at page 7, line 36 ¶ | |||
| Key strength is addressed by mandatory requirement [2] in Section | Key strength is addressed by mandatory requirement [2] in Section | |||
| 2.2. Recommendations for ensuring the Freshness of keys derived by | 2.2. Recommendations for ensuring the Freshness of keys derived by | |||
| EAP methods are discussed in [RFC3748], Section 7.10. | EAP methods are discussed in [RFC3748], Section 7.10. | |||
| Replay protection | Replay protection | |||
| Requirement: "All protocol exchanges must be replay protected." | Requirement: "All protocol exchanges must be replay protected." | |||
| This is addressed by mandatory requirement [6] in Section 2.2. | This is addressed by mandatory requirement [6] in Section 2.2. | |||
| Authentication | Authentication | |||
| Requirement: "All parties need to be authenticated." | Requirements: "All parties need to be authenticated. The | |||
| confidentiality of the authenticator must be maintained. No | ||||
| plaintext passwords are allowed." | ||||
| Mutual authentication is required as part of mandatory requirement | Mutual authentication is required as part of mandatory requirement | |||
| [3] in Section 2.2. The confidentiality of the authenticator must | [3] in Section 2.2. Identity protection is a recommended | |||
| be maintained. Identity protection is a recommended capability, | capability, described in requirement [9] in Section 2.3. EAP does | |||
| described in requirement [9] in Section 2.3. No plaintext | not support plaintext passwords, as noted in [RFC3748] Section | |||
| passwords are allowed. EAP does not support plaintext passwords, | 7.14. | |||
| as noted in [RFC3748] Section 7.14. | ||||
| Authorization | Authorization | |||
| Requirement: "EAP peer and authenticator authorization must be | Requirement: "EAP peer and authenticator authorization must be | |||
| performed." | performed." | |||
| Issues relating to authorization are discussed in [RFC3748] Section | Authorization issues are discussed in [RFC3748] Section 1.2, and | |||
| 7.15, and [RFC3579] Section 4.3.7. | Section 7.16. Authentication, Authorization and Accounting (AAA) | |||
| protocols such as RADIUS [RFC2865][RFC3579] may be used to enable | ||||
| authorization of EAP peers by a central authority. AAA | ||||
| authorization issues are discussed in [RFC3579] Section 2.6.3 as | ||||
| well as in Section 4.3.7. | ||||
| Session keys | Session keys | |||
| Requirement: "Confidentiality of session keys must be maintained." | Requirement: "Confidentiality of session keys must be maintained." | |||
| Issues relating to Key Derivation are described in [RFC3748] | Issues relating to Key Derivation are described in [RFC3748] | |||
| Section 7.10, as well as in [KEYFRAME]. | Section 7.10, as well as in [KEYFRAME]. | |||
| Ciphersuite negotiation | Ciphersuite negotiation | |||
| Requirement: "The selection of the "best" ciphersuite must be | Requirement: "The selection of the "best" ciphersuite must be | |||
| securely confirmed." | securely confirmed." | |||
| skipping to change at page 8, line 35 ¶ | skipping to change at page 8, line 39 ¶ | |||
| long-term secrets." | long-term secrets." | |||
| This issue is addressed by mandatory requirement [6] in Section | This issue is addressed by mandatory requirement [6] in Section | |||
| 2.2. | 2.2. | |||
| Key binding | Key binding | |||
| Requirement: "The key must be bound to the appropriate context." | Requirement: "The key must be bound to the appropriate context." | |||
| This issue is addressed in optional requirement [10] in Section | This issue is addressed in optional requirement [10] in Section | |||
| 2.4. Channel binding is also discussed in Section 7.15 of | 2.4. Channel binding is also discussed in Section 7.15 of | |||
| [RFC3748]. | [RFC3748], and Section 4.3.7 of [RFC3579]. | |||
| 4. References | 4. References | |||
| 4.1. Normative References | 4.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", RFC 2119, March, 1997. | Requirement Levels", RFC 2119, March, 1997. | |||
| [RFC2865] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote | ||||
| Authentication Dial In User Service (RADIUS)", RFC 2865, June | ||||
| 2000. | ||||
| [RFC3579] Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication Dial | [RFC3579] Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication Dial | |||
| In User Service) Support For Extensible Authentication | In User Service) Support For Extensible Authentication | |||
| Protocol (EAP)", RFC 3579, September 2003. | Protocol (EAP)", RFC 3579, September 2003. | |||
| [RFC3748] Aboba, B., et al., "Extensible Authentication Protocol (EAP)", | [RFC3748] Aboba, B., et al., "Extensible Authentication Protocol (EAP)", | |||
| RFC 3748, June 2004. | RFC 3748, June 2004. | |||
| [802.11] Information technology - Telecommunications and information | [802.11] Information technology - Telecommunications and information | |||
| exchange between systems - Local and metropolitan area | exchange between systems - Local and metropolitan area | |||
| networks - Specific Requirements Part 11: Wireless LAN Medium | networks - Specific Requirements Part 11: Wireless LAN Medium | |||
| End of changes. 6 change blocks. | ||||
| 11 lines changed or deleted | 20 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||