The Compound Authentication Binding Problem
draft-puthenkulam-eap-binding-04

 
Document Type Expired Internet-Draft (individual)
Last updated 2003-10-27
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html
Stream Stream state (No stream defined)
Document shepherd No shepherd assigned
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-puthenkulam-eap-binding-04.txt

Abstract

There are several motivations for using compound authentication methods using tunnels, but man-in-the-middle attacks have been found in these protocols under certain circumstances. They occur when the inner methods used inside a tunnel method are also used outside it, without cryptographically binding the methods together. At the time of writing this document, several protocols being proposed within the IETF were vulnerable to these attacks, including IKE with XAUTH, PIC, PANA over TLS, EAP TTLS and PEAP. This document studies the problems and suggests potential solutions to mitigate them. We also provide a reference solution for an EAP tunneling protocol like PEAP.

Authors

Jose Puthenkulam (jose.p.puthenkulam@intel.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)