Ephemeral keying for ABFAB

Document Type: Expired Internet-Draft (individual), Expired & archived
Authors: Linus Nordberg, Josh Howlett
Last updated: 2014-09-07 (Latest revision 2014-03-06)
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

This document describes how EAP-GSS provides forward secrecy by encrypting each session with an ephemeral key generated in the initial state of context establishment. This Diffie-Hellman key is shared by the initiator (EAP peer) and the acceptor (EAP authenticator). The goal is to stop a passive attacker with access to the traffic between an ABFAB user and the service she uses (the Relying Party) from getting access to key material and information linkable to the user, or from being able to fingerprint the user.


Linus Nordberg
Josh Howlett

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)