Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org> Subject: Document Action: 'Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)' to Informational RFC The IESG has approved the following document: - 'Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA) ' <draft-arkko-pppext-eap-aka-16.txt> as an Informational RFC This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Thomas Narten. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-arkko-pppext-eap-aka-16.txt
Technical Summary This document specifies an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution using the Authentication and Key Agreement (AKA) mechanism used in the 3rd generation mobile networks Universal Mobile Telecommunications System (UMTS) and cdma2000. AKA is based on symmetric keys, and runs typically in a Subscriber Identity Module (UMTS Subscriber Identity Module USIM, or (Removable) User Identity Module (R)UIM), a smart card like device. EAP-AKA includes optional identity privacy support, optional result indications, and an optional fast re-authentication procedure. Working Group Summary This document is not the product of an IETF WG; it has been submitted to the RFC editor as an independent submission. However, 3GPP also lists this document as one of their dependencies, and they expect some IETF review of the document. Per discussions with Stephen Hayes (3GPP Liaison to IETF), this document has been reviewed by EAP WG for conformance with EAP, but security properties have not been reviewed. Protocol Quality This spec has been reviewed for the IESG by Thomas Narten. It has also been reviewed by the EAP WG for conformance with existing EAP standards. RFC Editor Note: Please add the following sentence to the end of the IESG note: The IETF has also not reviewed the security of the underlying UMTS AKA algorithms. New section (with additional sentence added): The EAP-AKA protocol was developed by 3GPP. The documentation of EAP-AKA is provided as information to the Internet community. While the EAP WG has verified that EAP-AKA is compatible with EAP as defined in RFC 3748, no other review has been done, including validation of the security claims. The IETF has also not reviewed the security of the underlying UMTS AKA algorithms.