Nimble out-of-band authentication for EAP (EAP-NOOB)

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc: The IESG <>,,,,,,
Subject: Protocol Action: 'Nimble out-of-band authentication for EAP (EAP-NOOB)' to Proposed Standard (draft-ietf-emu-eap-noob-06.txt)

The IESG has approved the following document:
- 'Nimble out-of-band authentication for EAP (EAP-NOOB)'
  (draft-ietf-emu-eap-noob-06.txt) as Proposed Standard

This document is the product of the EAP Method Update Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:

Technical Summary

   The Extensible Authentication Protocol (EAP) provides support for
   multiple authentication methods.  This document defines the EAP-NOOB
   authentication method for nimble out-of-band (OOB) authentication and
   key derivation.  The EAP method is intended for bootstrapping all
   kinds of Internet-of-Things (IoT) devices that have no pre-configured
   authentication credentials.  The method makes use of a user-assisted
   one-directional OOB message between the peer device and
   authentication server to authenticate the in-band key exchange.  The
   device must have an input or output interface, such as a display,
   microphone, speaker or blinking light, which can send or receive
   dynamically generated messages of tens of bytes in length.

Working Group Summary

The document received a detailed early IoT directorate review.

Document Quality

At least three public implementations of the protocol are available:
1. wpa_supplicant -
2. contiki -
3. hostap -

The protocol has security proofs:
1. Proverif:
2. mcrl2:


Document Shepherd - Joe Salowey

Responsible AD - Roman Danyliw