The Compound Authentication Binding Problem
draft-puthenkulam-eap-binding-04
| Document | Type | Expired Internet-Draft (individual) |
|---|---|---|
| | Author | Jose Puthenkulam |
| | Last updated | 2003-10-27 (Latest revision 2003-07-01) |
| | Stream | (None) |
| | Formats | Expired & archived: plain text, htmlized, pdfized, bibtex |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
https://www.ietf.org/archive/id/draft-puthenkulam-eap-binding-04.txt
Abstract
There are several motivations for using compound authentication methods that run inside tunnels, but man-in-the-middle attacks have been found in these protocols under certain circumstances. They occur when the inner methods used inside a tunnel method are also used outside it, without cryptographically binding the methods together. At the time of writing this document, several protocols being proposed within the IETF were vulnerable to these attacks, including IKE with XAUTH, PIC, PANA over TLS, EAP TTLS and PEAP. This document studies the problems and suggests potential solutions to mitigate them. We also provide a reference solution for an EAP tunneling protocol like PEAP.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)