EAP Mutual Cryptographic Binding
draft-hartman-emu-mutual-crypto-bind-00

 
Document Type Replaced Internet-Draft (individual)
Last updated 2012-07-31 (latest revision 2012-03-05)
Replaced by draft-ietf-emu-crypto-bind
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html
Stream Stream state (No stream defined)
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-emu-crypto-bind
Telechat date
Responsible AD (None)
Send notices to (None)

Email authors IPR References Referenced by Nits Search lists

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-hartman-emu-mutual-crypto-bind-00.txt

Abstract

As the Extensible Authentication Protocol (EAP) evolves, EAP peers rely increasingly on information received from the EAP server. EAP extensions such as channel binding or network posture information are often carried in tunnel methods; peers are likely to rely on this information. [RFC 3748] is a facility that protects tunnel methods against man-in-the-middle attacks. However, cryptographic binding focuses on protecting the server rather than the peer. This memo explores attacks possible when the peer is not protected from man-in- the-middle attacks and recommends mutual cryptographic binding, a new form of cryptographic binding that protects both peer and server.

Authors

Sam Hartman (hartmans-ietf@mit.edu)
Margaret Wasserman (mrw@painless-security.com)
Dacheng Zhang (zhangdacheng@huawei.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)