The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST)
RFC 4851
Document Type RFC - Informational (May 2007; Errata)
Was draft-cam-winget-eap-fast (individual in sec area)
Last updated 2020-01-21
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Reviews
SECDIR Last Call Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4851 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to (None)
Email authors IPR 4 References Referenced by Nits 
Network Working Group                                      N. Cam-Winget
Request for Comments: 4851                                     D. McGrew
Category: Informational                                       J. Salowey
                                                                 H. Zhou
                                                           Cisco Systems
                                                                May 2007

           The Flexible Authentication via Secure Tunneling
          Extensible Authentication Protocol Method (EAP-FAST)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document defines the Extensible Authentication Protocol (EAP)
   based Flexible Authentication via Secure Tunneling (EAP-FAST)
   protocol.  EAP-FAST is an EAP method that enables secure
   communication between a peer and a server by using the Transport
   Layer Security (TLS) to establish a mutually authenticated tunnel.
   Within the tunnel, Type-Length-Value (TLV) objects are used to convey
   authentication related data between the peer and the EAP server.

Cam-Winget, et al.           Informational                      [Page 1]
RFC 4851                        EAP-FAST                        May 2007

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.1.  Specification Requirements . . . . . . . . . . . . . . . .  5
     1.2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  5
   2.  Protocol Overview  . . . . . . . . . . . . . . . . . . . . . .  6
     2.1.  Architectural Model  . . . . . . . . . . . . . . . . . . .  6
     2.2.  Protocol Layering Model  . . . . . . . . . . . . . . . . .  7
   3.  EAP-FAST Protocol  . . . . . . . . . . . . . . . . . . . . . .  8
     3.1.  Version Negotiation  . . . . . . . . . . . . . . . . . . .  8
     3.2.  EAP-FAST Authentication Phase 1: Tunnel Establishment  . .  9
       3.2.1.  TLS Session Resume Using Server State  . . . . . . . . 10
       3.2.2.  TLS Session Resume Using a PAC . . . . . . . . . . . . 10
       3.2.3.  Transition between Abbreviated and Full TLS
               Handshake  . . . . . . . . . . . . . . . . . . . . . . 12
     3.3.  EAP-FAST Authentication Phase 2: Tunneled
           Authentication . . . . . . . . . . . . . . . . . . . . . . 12
       3.3.1.  EAP Sequences  . . . . . . . . . . . . . . . . . . . . 13
       3.3.2.  Protected Termination and Acknowledged Result
               Indication . . . . . . . . . . . . . . . . . . . . . . 13
     3.4.  Determining Peer-Id and Server-Id  . . . . . . . . . . . . 14
     3.5.  EAP-FAST Session Identifier  . . . . . . . . . . . . . . . 15
     3.6.  Error Handling . . . . . . . . . . . . . . . . . . . . . . 15
       3.6.1.  TLS Layer Errors . . . . . . . . . . . . . . . . . . . 15
       3.6.2.  Phase 2 Errors . . . . . . . . . . . . . . . . . . . . 16
     3.7.  Fragmentation  . . . . . . . . . . . . . . . . . . . . . . 16
   4.  Message Formats  . . . . . . . . . . . . . . . . . . . . . . . 18
     4.1.  EAP-FAST Message Format  . . . . . . . . . . . . . . . . . 18
       4.1.1.  Authority ID Data  . . . . . . . . . . . . . . . . . . 20
     4.2.  EAP-FAST TLV Format and Support  . . . . . . . . . . . . . 20
       4.2.1.  General TLV Format . . . . . . . . . . . . . . . . . . 21
       4.2.2.  Result TLV . . . . . . . . . . . . . . . . . . . . . . 22
       4.2.3.  NAK TLV  . . . . . . . . . . . . . . . . . . . . . . . 23
       4.2.4.  Error TLV  . . . . . . . . . . . . . . . . . . . . . . 24
       4.2.5.  Vendor-Specific TLV  . . . . . . . . . . . . . . . . . 25
       4.2.6.  EAP-Payload TLV  . . . . . . . . . . . . . . . . . . . 26
       4.2.7.  Intermediate-Result TLV  . . . . . . . . . . . . . . . 28
       4.2.8.  Crypto-Binding TLV . . . . . . . . . . . . . . . . . . 29
       4.2.9.  Request-Action TLV . . . . . . . . . . . . . . . . . . 31
     4.3.  Table of TLVs  . . . . . . . . . . . . . . . . . . . . . . 32
   5.  Cryptographic Calculations . . . . . . . . . . . . . . . . . . 32
     5.1.  EAP-FAST Authentication Phase 1: Key Derivations . . . . . 32
     5.2.  Intermediate Compound Key Derivations  . . . . . . . . . . 33
     5.3.  Computing the Compound MAC . . . . . . . . . . . . . . . . 34
     5.4.  EAP Master Session Key Generation  . . . . . . . . . . . . 35
     5.5.  T-PRF  . . . . . . . . . . . . . . . . . . . . . . . . . . 35
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 36

Cam-Winget, et al.           Informational                      [Page 2]
RFC 4851                        EAP-FAST                        May 2007

   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 37
     7.1.  Mutual Authentication and Integrity Protection . . . . . . 37
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools