Extensible Authentication Protocol (EAP) Mutual Cryptographic Binding
draft-ietf-emu-crypto-bind-04

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    emu mailing list <emu@ietf.org>,
    emu chair <emu-chairs@tools.ietf.org>
Subject: Document Action: 'EAP Mutual Cryptographic Binding' to Informational RFC (draft-ietf-emu-crypto-bind-04.txt)

The IESG has approved the following document:
- 'EAP Mutual Cryptographic Binding'
  (draft-ietf-emu-crypto-bind-04.txt) as Informational RFC

This document is the product of the EAP Method Update Working Group.

The IESG contact persons are Sean Turner and Stephen Farrell.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-emu-crypto-bind/


Technical Summary

EAP tunneled methods require that EAP peers rely on information from
the EAP server. Various security-related information is carried
inside of the tunnel and is used by the peers. Methods exist to
protect the peers against MITM attacks. The document discusses
attacks on the tunneled data, and recommends mutual cryptographic
binding to protect both parties.

Working Group Summary

The document records the consensus of the WG as developed over the
last year. Any controversy about the contents has been resolved by
updates to the document, and WG consensus was not rough.

Document Quality

The document provides a clear description of the attacks and
recommended solutions. There are no protocol changes in the
document, so no implementations are required.

Personnel

Alan DeKok is the doc shepherd.
Sean Turner is the responsible AD.

RFC Editor Note

Please make the following modifications in section 3.2.3:

OLD:

First, the server and peer prove to each other knowledge of
the inner MSK.  Then, the inner MSK is combined into some outer key
material to form the tunnel's keys.

NEW:

First, the server and peer prove to each other knowledge of
the inner MSK.  Then, the inner MSK is combined with some outer key
material to form the tunnel's EAP keys.