Extensible Authentication Protocol Method for Shared-secret Authentication and Key Establishment (EAP-SAKE)
RFC 4763
Document Type RFC - Informational (November 2006; Errata)
Last updated 2020-01-21
Stream ISE
Formats plain text html pdf htmlized with errata bibtex
Stream ISE state (None)
Consensus Boilerplate Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4763 (Informational)
Telechat date
Responsible AD Jari Arkko
Send notices to H.Soliman@Flarion.com
Email authors IPR References Referenced by Nits 
Network Working Group                                      M. Vanderveen
Request for Comments: 4763                                    H. Soliman
Category: Informational                    Qualcomm Flarion Technologies
                                                           November 2006

             Extensible Authentication Protocol Method for
     Shared-secret Authentication and Key Establishment (EAP-SAKE)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2006).

IESG Note

   This RFC is not a candidate for any level of Internet Standard.  The
   IETF disclaims any knowledge of the fitness of this RFC for any
   purpose and in particular notes that the decision to publish is not
   based on IETF review for such things as security, congestion control,
   or inappropriate interaction with deployed protocols.  The RFC Editor
   has chosen to publish this document at its discretion.  Readers of
   this document should exercise caution in evaluating its value for
   implementation and deployment.  See RFC 3932 for more information.

Abstract

   This document specifies an Extensible Authentication Protocol (EAP)
   mechanism for Shared-secret Authentication and Key Establishment
   (SAKE).  This RFC is published as documentation for the IANA
   assignment of an EAP Type for a vendor's EAP method per RFC 3748.
   The specification has passed Designated Expert review for this IANA
   assignment.

Vanderveen & Soliman         Informational                      [Page 1]
RFC 4763                        EAP-SAKE                   November 2006

Table of Contents

   1. Introduction ....................................................3
   2. Terminology .....................................................3
   3. Protocol Description ............................................4
      3.1. Overview and Motivation of EAP-SAKE ........................4
      3.2. Protocol Operation .........................................5
           3.2.1. Successful Exchange .................................5
           3.2.2. Authentication Failure ..............................7
           3.2.3. Identity Management ................................11
           3.2.4. Obtaining Peer Identity ............................11
           3.2.5. Key Hierarchy ......................................13
           3.2.6. Key Derivation .....................................15
           3.2.7. Ciphersuite Negotiation ............................17
           3.2.8. Message Integrity and Encryption ...................17
           3.2.9. Fragmentation ......................................21
           3.2.10. Error Cases .......................................21
      3.3. Message Formats ...........................................22
           3.3.1. Message Format Summary .............................22
           3.3.2. Attribute Format ...................................23
           3.3.3. Use of AT_ENCR_DATA Attribute ......................25
           3.3.4. EAP.Request/SAKE/Challenge Format ..................26
           3.3.5. EAP.Response/SAKE/Challenge Format .................28
           3.3.6. EAP.Request/SAKE/Confirm Format ....................30
           3.3.7. EAP.Response/SAKE/Confirm Format ...................32
           3.3.8. EAP.Response/SAKE/Auth-Reject Format ...............33
           3.3.9. EAP.Request/SAKE/Identity Format ...................34
           3.3.10. EAP.Response/SAKE/Identity Format .................36
           3.3.11. Other EAP Messages Formats ........................37
   4. IANA Considerations ............................................37
   5. Security Considerations ........................................38
      5.1. Denial-of-Service Attacks .................................38
      5.2. Root Secret Considerations ................................38
      5.3. Mutual Authentication .....................................39
      5.4. Integrity Protection ......................................39
      5.5. Replay Protection .........................................39
      5.6. Confidentiality ...........................................40
      5.7. Key Derivation, Strength ..................................40
      5.8. Dictionary Attacks ........................................41
      5.9. Man-in-the-Middle Attacks .................................41
      5.10. Result Indication Protection .............................41
      5.11. Cryptographic Separation of Keys .........................41
      5.12. Session Independence .....................................41
      5.13. Identity Protection ......................................42
      5.14. Channel Binding ..........................................42
      5.15. Ciphersuite Negotiation ..................................42
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools