Extensible Authentication Protocol (EAP) Password Authenticated Exchange
RFC 4746
Document Type RFC - Informational (November 2006; Errata)
Was draft-clancy-eap-pax (individual in sec area)
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4746 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to (None)
Email authors IPR References Referenced by Nits 
Network Working Group                                          T. Clancy
Request for Comments: 4746                                           LTS
Category: Informational                                       W. Arbaugh
                                                                     UMD
                                                           November 2006

               Extensible Authentication Protocol (EAP)
                    Password Authenticated Exchange

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2006).

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document defines an Extensible Authentication Protocol (EAP)
   method called EAP-PAX (Password Authenticated eXchange).  This method
   is a lightweight shared-key authentication protocol with optional
   support for key provisioning, key management, identity protection,
   and authenticated data exchange.

Table of Contents

   1. Introduction ....................................................2
      1.1. Language Requirements ......................................3
      1.2. Terminology ................................................3
   2. Overview ........................................................5
      2.1. PAX_STD Protocol ...........................................6
      2.2. PAX_SEC Protocol ...........................................7
      2.3. Authenticated Data Exchange ................................9
      2.4. Key Derivation ............................................10
      2.5. Verification Requirements .................................11
      2.6. PAX Key Derivation Function ...............................12
   3. Protocol Specification .........................................13
      3.1. Header Specification ......................................13
           3.1.1. Op-Code ............................................13
           3.1.2. Flags ..............................................14

Clancy & Arbaugh             Informational                      [Page 1]
RFC 4746                        EAP-PAX                    November 2006

           3.1.3. MAC ID .............................................14
           3.1.4. DH Group ID ........................................14
           3.1.5. Public Key ID ......................................15
           3.1.6. Mandatory to Implement .............................15
      3.2. Payload Formatting ........................................16
      3.3. Authenticated Data Exchange (ADE) .........................18
      3.4. Integrity Check Value (ICV) ...............................19
   4. Security Considerations ........................................19
      4.1. Server Certificates .......................................20
      4.2. Server Security ...........................................20
      4.3. EAP Security Claims .......................................21
           4.3.1. Protected Ciphersuite Negotiation ..................21
           4.3.2. Mutual Authentication ..............................21
           4.3.3. Integrity Protection ...............................21
           4.3.4. Replay Protection ..................................21
           4.3.5. Confidentiality ....................................21
           4.3.6. Key Derivation .....................................21
           4.3.7. Key Strength .......................................22
           4.3.8. Dictionary Attack Resistance .......................22
           4.3.9. Fast Reconnect .....................................22
           4.3.10. Session Independence ..............................22
           4.3.11. Fragmentation .....................................23
           4.3.12. Channel Binding ...................................23
           4.3.13. Cryptographic Binding .............................23
           4.3.14. Negotiation Attack Prevention .....................23
   5. IANA Considerations ............................................23
   6. Acknowledgments ................................................24
   7. References .....................................................24
      7.1. Normative References ......................................24
      7.2. Informative References ....................................25
   Appendix A. Key Generation from Passwords ........................ 27
   Appendix B. Implementation Suggestions ........................... 27
     B.1. WiFi Enterprise Network ................................... 27
     B.2. Mobile Phone Network ...................................... 28

1.  Introduction
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA