Network Working Group N. Cam-Winget
Request for Comments: 4851 D. McGrew
Category: Informational J. Salowey
H. Zhou
Cisco Systems
May 2007
The Flexible Authentication via Secure Tunneling
Extensible Authentication Protocol Method (EAP-FAST)
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract
This document defines the Extensible Authentication Protocol (EAP)
based Flexible Authentication via Secure Tunneling (EAP-FAST)
protocol. EAP-FAST is an EAP method that enables secure
communication between a peer and a server by using Transport Layer
Security (TLS) to establish a mutually authenticated tunnel.
Within the tunnel, Type-Length-Value (TLV) objects are used to convey
authentication-related data between the peer and the EAP server.
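The abstract states that authentication data travels inside the TLS tunnel as TLV objects. The Python below is an added example, not code from this RFC or from any EAP-FAST implementation. It encodes and parses the general TLV format that section 4.2.1 of this RFC defines (a mandatory bit, a reserved bit, a 14-bit type, a 16-bit length and the value), bounds-checks every length field against the buffer, and applies the rule of section 4.2.3 that a mandatory TLV of a type the receiver does not support must be answered with a NAK TLV naming that type, while an optional unknown TLV is simply ignored. The numeric type codes are those of the Table of TLVs in section 4.3; the sample message, the Vendor-Specific payload and the unassigned type 0x0100 used to stand in for an unknown TLV are constructed for this demonstration.

```python
import struct

# TLV type codes from the Table of TLVs, RFC 4851 section 4.3
TLV_RESULT = 3
TLV_NAK = 4
TLV_ERROR = 5
TLV_VENDOR_SPECIFIC = 7
TLV_EAP_PAYLOAD = 9
TLV_INTERMEDIATE_RESULT = 10
TLV_PAC = 11
TLV_CRYPTO_BINDING = 12
TLV_REQUEST_ACTION = 19

# Status values carried by the Result and Intermediate-Result TLVs
STATUS_SUCCESS = 1
STATUS_FAILURE = 2

# Header layout: M (bit 15), R (bit 14), Type (low 14 bits), then 16-bit Length
MANDATORY_BIT = 0x8000
RESERVED_BIT = 0x4000
TYPE_MASK = 0x3FFF


def encode_tlv(tlv_type, value, mandatory=True):
    """Serialize one TLV as M|R|Type (2 bytes), Length (2 bytes), Value."""
    if not 0 <= tlv_type <= TYPE_MASK:
        raise ValueError("TLV type does not fit in 14 bits")
    if len(value) > 0xFFFF:
        raise ValueError("TLV value exceeds the 16-bit length field")
    header = tlv_type | (MANDATORY_BIT if mandatory else 0)
    return struct.pack("!HH", header, len(value)) + value


def parse_tlvs(data):
    """Parse a byte string into a list of (mandatory, type, value) tuples.

    Each Length field is checked against the bytes that actually remain,
    so a TLV claiming more than the buffer holds is rejected instead of
    being read past the end of the message.
    """
    tlvs = []
    offset = 0
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated TLV header at offset %d" % offset)
        header, length = struct.unpack_from("!HH", data, offset)
        offset += 4
        if length > len(data) - offset:
            raise ValueError("TLV length %d overruns the buffer at offset %d"
                             % (length, offset))
        value = data[offset:offset + length]
        offset += length
        # The reserved bit must be sent as zero; it is masked off here.
        tlvs.append((bool(header & MANDATORY_BIT), header & TYPE_MASK, value))
    return tlvs


def is_well_formed(data):
    """True if the whole buffer parses as a sequence of complete TLVs."""
    try:
        parse_tlvs(data)
        return True
    except ValueError:
        return False


def process_tlvs(data, supported_types):
    """Accept supported TLVs, ignore optional unknown ones, and build the
    NAK response (RFC 4851 section 4.2.3) for any mandatory unknown TLV.

    Returns (accepted, nak_bytes) where nak_bytes is None when every
    mandatory TLV was understood.
    """
    accepted = []
    unknown_mandatory = []
    for mandatory, tlv_type, value in parse_tlvs(data):
        if tlv_type in supported_types:
            accepted.append((tlv_type, value))
        elif mandatory:
            unknown_mandatory.append(tlv_type)
    if not unknown_mandatory:
        return accepted, None
    # NAK TLV value: Vendor-Id (4 bytes, 0 for IETF-assigned types) followed
    # by the 2-byte NAK-Type identifying the TLV that was not understood.
    nak = b"".join(encode_tlv(TLV_NAK, struct.pack("!IH", 0, t))
                   for t in unknown_mandatory)
    return accepted, nak


# Types this hypothetical receiver implements (PAC and Vendor-Specific omitted).
SUPPORTED = {TLV_RESULT, TLV_NAK, TLV_ERROR, TLV_EAP_PAYLOAD,
             TLV_INTERMEDIATE_RESULT, TLV_CRYPTO_BINDING, TLV_REQUEST_ACTION}

# Constructed sample message (not taken from the RFC): a mandatory Result TLV
# reporting Success, an optional Vendor-Specific TLV carrying a placeholder
# Vendor-Id and one byte, and a mandatory TLV of the unassigned type 0x0100.
SAMPLE_MESSAGE = (
    encode_tlv(TLV_RESULT, struct.pack("!H", STATUS_SUCCESS))
    + encode_tlv(TLV_VENDOR_SPECIFIC, struct.pack("!I", 0xFFFF) + b"\x00",
                 mandatory=False)
    + encode_tlv(0x0100, b"\xaa\xbb")
)

if __name__ == "__main__":
    accepted, nak = process_tlvs(SAMPLE_MESSAGE, SUPPORTED)
    print("accepted:", accepted)
    print("NAK response:", nak.hex() if nak else None)
```

Running the script shows the Result TLV accepted, the optional Vendor-Specific TLV dropped without complaint, and a NAK TLV (type 4, Vendor-Id 0, NAK-Type 0x0100) produced for the mandatory TLV the receiver does not implement. The bounds check in parse_tlvs is the part worth keeping in any real decoder: the Length field is attacker-controlled data arriving over the network, and a decoder that trusts it is the classic source of out-of-bounds reads in TLV parsers.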
Cam-Winget, et al. Informational [Page 1]
RFC 4851 EAP-FAST May 2007
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Specification Requirements . . . . . . . . . . . . . . . . 5
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 6
2.1. Architectural Model . . . . . . . . . . . . . . . . . . . 6
2.2. Protocol Layering Model . . . . . . . . . . . . . . . . . 7
3. EAP-FAST Protocol . . . . . . . . . . . . . . . . . . . . . . 8
3.1. Version Negotiation . . . . . . . . . . . . . . . . . . . 8
3.2. EAP-FAST Authentication Phase 1: Tunnel Establishment . . 9
3.2.1. TLS Session Resume Using Server State . . . . . . . . 10
3.2.2. TLS Session Resume Using a PAC . . . . . . . . . . . . 10
3.2.3. Transition between Abbreviated and Full TLS
Handshake . . . . . . . . . . . . . . . . . . . . . . 12
3.3. EAP-FAST Authentication Phase 2: Tunneled
Authentication . . . . . . . . . . . . . . . . . . . . . . 12
3.3.1. EAP Sequences . . . . . . . . . . . . . . . . . . . . 13
3.3.2. Protected Termination and Acknowledged Result
Indication . . . . . . . . . . . . . . . . . . . . . . 13
3.4. Determining Peer-Id and Server-Id . . . . . . . . . . . . 14
3.5. EAP-FAST Session Identifier . . . . . . . . . . . . . . . 15
3.6. Error Handling . . . . . . . . . . . . . . . . . . . . . . 15
3.6.1. TLS Layer Errors . . . . . . . . . . . . . . . . . . . 15
3.6.2. Phase 2 Errors . . . . . . . . . . . . . . . . . . . . 16
3.7. Fragmentation . . . . . . . . . . . . . . . . . . . . . . 16
4. Message Formats . . . . . . . . . . . . . . . . . . . . . . . 18
4.1. EAP-FAST Message Format . . . . . . . . . . . . . . . . . 18
4.1.1. Authority ID Data . . . . . . . . . . . . . . . . . . 20
4.2. EAP-FAST TLV Format and Support . . . . . . . . . . . . . 20
4.2.1. General TLV Format . . . . . . . . . . . . . . . . . . 21
4.2.2. Result TLV . . . . . . . . . . . . . . . . . . . . . . 22
4.2.3. NAK TLV . . . . . . . . . . . . . . . . . . . . . . . 23
4.2.4. Error TLV . . . . . . . . . . . . . . . . . . . . . . 24
4.2.5. Vendor-Specific TLV . . . . . . . . . . . . . . . . . 25
4.2.6. EAP-Payload TLV . . . . . . . . . . . . . . . . . . . 26
4.2.7. Intermediate-Result TLV . . . . . . . . . . . . . . . 28
4.2.8. Crypto-Binding TLV . . . . . . . . . . . . . . . . . . 29
4.2.9. Request-Action TLV . . . . . . . . . . . . . . . . . . 31
4.3. Table of TLVs . . . . . . . . . . . . . . . . . . . . . . 32
5. Cryptographic Calculations . . . . . . . . . . . . . . . . . . 32
5.1. EAP-FAST Authentication Phase 1: Key Derivations . . . . . 32
5.2. Intermediate Compound Key Derivations . . . . . . . . . . 33
5.3. Computing the Compound MAC . . . . . . . . . . . . . . . . 34
5.4. EAP Master Session Key Generation . . . . . . . . . . . . 35
5.5. T-PRF . . . . . . . . . . . . . . . . . . . . . . . . . . 35
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36