The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST)
RFC 4851
| Field | Value |
|---|---|
| Document | RFC 4851 - Informational (May 2007; Errata). Was draft-cam-winget-eap-fast (individual in sec area) |
| Authors | Joseph Salowey, Hao Zhou, Nancy Cam-Winget, David McGrew |
| Last updated | 2020-01-21 |
| Stream | IETF |
| Formats | plain text, html, pdf, htmlized with errata, bibtex |
| Reviews | |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4851 (Informational) |
| Consensus Boilerplate | Unknown |
| Telechat date | |
| Responsible AD | Russ Housley |
| Send notices to | (None) |
Network Working Group                                       N. Cam-Winget
Request for Comments: 4851                                      D. McGrew
Category: Informational                                        J. Salowey
                                                                  H. Zhou
                                                            Cisco Systems
                                                                 May 2007

The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST)

Status of This Memo

   This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document defines the Extensible Authentication Protocol (EAP) based Flexible Authentication via Secure Tunneling (EAP-FAST) protocol. EAP-FAST is an EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) to establish a mutually authenticated tunnel. Within the tunnel, Type-Length-Value (TLV) objects are used to convey authentication-related data between the peer and the EAP server.

Cam-Winget, et al.            Informational                      [Page 1]

RFC 4851                       EAP-FAST                         May 2007

Table of Contents

   1.  Introduction ..................................................  4
     1.1.  Specification Requirements ................................  5
     1.2.  Terminology ...............................................  5
   2.  Protocol Overview .............................................  6
     2.1.  Architectural Model .......................................  6
     2.2.  Protocol Layering Model ...................................  7
   3.  EAP-FAST Protocol .............................................  8
     3.1.  Version Negotiation .......................................  8
     3.2.  EAP-FAST Authentication Phase 1: Tunnel Establishment .....  9
       3.2.1.  TLS Session Resume Using Server State ................. 10
       3.2.2.  TLS Session Resume Using a PAC ........................ 10
       3.2.3.  Transition between Abbreviated and Full TLS Handshake . 12
     3.3.  EAP-FAST Authentication Phase 2: Tunneled Authentication .. 12
       3.3.1.  EAP Sequences ......................................... 13
       3.3.2.  Protected Termination and Acknowledged Result
               Indication ............................................ 13
     3.4.  Determining Peer-Id and Server-Id ......................... 14
     3.5.  EAP-FAST Session Identifier ............................... 15
     3.6.  Error Handling ............................................ 15
       3.6.1.  TLS Layer Errors ...................................... 15
       3.6.2.  Phase 2 Errors ........................................ 16
     3.7.  Fragmentation ............................................. 16
   4.  Message Formats ............................................... 18
     4.1.  EAP-FAST Message Format ................................... 18
       4.1.1.  Authority ID Data ..................................... 20
     4.2.  EAP-FAST TLV Format and Support ........................... 20
       4.2.1.  General TLV Format .................................... 21
       4.2.2.  Result TLV ............................................ 22
       4.2.3.  NAK TLV ............................................... 23
       4.2.4.  Error TLV ............................................. 24
       4.2.5.  Vendor-Specific TLV ................................... 25
       4.2.6.  EAP-Payload TLV ....................................... 26
       4.2.7.  Intermediate-Result TLV ............................... 28
       4.2.8.  Crypto-Binding TLV .................................... 29
       4.2.9.  Request-Action TLV .................................... 31
     4.3.  Table of TLVs ............................................. 32
   5.  Cryptographic Calculations .................................... 32
     5.1.  EAP-FAST Authentication Phase 1: Key Derivations .......... 32
     5.2.  Intermediate Compound Key Derivations ..................... 33
     5.3.  Computing the Compound MAC ................................ 34
     5.4.  EAP Master Session Key Generation ......................... 35
     5.5.  T-PRF ..................................................... 35
   6.  IANA Considerations ........................................... 36
   7.  Security Considerations ....................................... 37
     7.1.  Mutual Authentication and Integrity Protection ............ 37