Technical Summary
EAP-pwd is an EAP method that uses a shared password for
authentication using a technique that is resistant to dictionary
attack. It included support for raw keys and RFC2751-style double
hashing of a password but did not include support for salted
passwords. There are many existing databases of salted passwords and
it is desirable to allow their use with EAP-pwd.
Working Group Summary
This is an individual draft that was reviewed on a few mailing lists.
Reviews were sparse, so I reached out to several reviewers with
expertise in the technologies used. The feedback was discussed and
incorporated into the draft prior to the IETF last call.
Document Quality
There are implementations of the EAP-pwd base specification
for several operating systems (Windows, Linux, Android),
originating from one vendor (Aruba Networks / HP Enterprise).
The same vendor (and in fact author of the spec) also has running
code for this new draft. This code is unpublished due to the lack of
code points. When this draft gets published as an RFC with the
corresponding IANA actions, it can be expected that the
implementation will be out soon after.
Personnel
The Document Shepherd is Stefan Winter <stefan.winter@restena.lu>.
The responsible Area Director is Kathleen Moriarty (kathleen.moriarty.ietf@gmail.com).
IANA Note
This draft adds eight values to the "password
preprocessing method registry" established by [RFC5931].