The EAP-TLS Authentication Protocol
RFC 5216

Received changes through RFC Editor sync (changed abstract to 'The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides support for multiple authentication methods. Transport Layer Security (TLS) provides for mutual authentication, integrity-protected ciphersuite negotiation, and key exchange between two endpoints. This document defines EAP-TLS, which includes support for certificate-based mutual authentication and key derivation.

This document obsoletes RFC 2716. A summary of the changes between this document and RFC 2716 is available in Appendix A. [STANDARDS-TRACK]')

[Ballot comment]
In this excerpt:
----
  all of the following TLS ciphersuites:

      TLS_RSA_WITH_RC4_128_MD5
      TLS_RSA_WITH_RC4_128_SHA
      TLS_RSA_WITH_AES_128_CBC_SHA

  In addition, EAP-TLS peers SHOULD support the following TLS
  ciphersuites defined in [RFC3268]:

      TLS_RSA_WITH_AES_128_CBC_SHA
      TLS_RSA_WITH_RC4_128_SHA
----

There are two errors: 1. two of the cipher suites are listed twice.
2. the RC4_128 cipher suite is not defined in RFC 3268.

Q: Would it be useful for this protocol to recommend support for the
server name indication extension in RFC 4366?  Otherwise the server
requires an IP address for each name it supports.

I agree with the following proposed resolution from Bernard Aboba:

2.4.  Ciphersuite and Compression Negotiation

  EAP-TLS implementations MUST support TLS v1.0.

  EAP-TLS implementations need not necessarily support all TLS
  ciphersuites listed in [RFC4346].  Not all TLS ciphersuites are
  supported by available TLS tool kits and licenses may be required in
  some cases.

  To ensure interoperability, EAP-TLS peers and servers MUST support
  the TLS [RFC4346] mandatory-to-implement ciphersuite:

      TLS_RSA_WITH_3DES_EDE_CBC_SHA

  EAP-TLS peers and servers SHOULD also support and be able
  to negotiate the following TLS ciphersuites:

        TLS_RSA_WITH_RC4_128_SHA [RFC4346]
        TLS_RSA_WITH_AES_128_CBC_SHA [RFC3268]

  In addition, EAP-TLS servers SHOULD support and be able to negotiate
  the following TLS ciphersuite:

      TLS_RSA_WITH_RC4_128_MD5 [RFC4346]

  Since TLS supports ciphersuite negotiation, peers completing the TLS
  negotiation will also have selected a ciphersuite, which includes
  encryption and hashing methods.  Since the ciphersuite negotiated
  within EAP-TLS applies only to the EAP conversation, TLS ciphersuite
  negotiation MUST NOT be used to negotiate the ciphersuites used to
  secure data.

  TLS also supports compression as well as ciphersuite negotiation.
  However, during the EAP-TLS conversation the EAP peer and server MUST
  NOT request or negotiate compression.

[Ballot discuss]
I'd like to discuss the cipher suite issue raised in my comment on the
IESG call.  An RFC editor note or even an assurance the typos will be
fixed before publication would suffice to clear my discuss position.

[Ballot comment]
In this excerpt:
----
  all of the following TLS ciphersuites:

      TLS_RSA_WITH_RC4_128_MD5
      TLS_RSA_WITH_RC4_128_SHA
      TLS_RSA_WITH_AES_128_CBC_SHA

  In addition, EAP-TLS peers SHOULD support the following TLS
  ciphersuites defined in [RFC3268]:

      TLS_RSA_WITH_AES_128_CBC_SHA
      TLS_RSA_WITH_RC4_128_SHA
----

There are two errors: 1. two of the cipher suites are listed twice.
2. the RC4_128 cipher suite is not defined in RFC 3268.

Q: Would it be useful for this protocol to recommend support for the
server name indication extension in RFC 4366?  Otherwise the server
requires an IP address for each name it supports.

IANA Last Call comments:

Upon approval of this document, the IANA will make the following
changes in "Extensible Authentication Protocol (EAP) Registry" registry located at
http://www.iana.org/assignments/eap-parameters
sub-registry "Method Types:"

OLD:
----
Value Description Reference
----- ----------- ---------
13 EAP-TLS [Aboba]

NEW:
13 EAP-TLS [RFC-simon-emu-
rfc2716bis-11]

We understand the above to be the only IANA Actions for this document.

PROTO Write-up

(1.a) Who is the Document Shepherd for this document? Has the Document
Shepherd personally reviewed this version of the document and, in
particular, does he or she believe this version is ready for forwarding
to the IESG for publication?

Joe Salowey, the working group chair, is the document shepherd for this
document and has personally reviewed the document and believe it is
ready for forwarding to the IESG for publication.

(1.b) Has the document had adequate review both from key WG members and
from key non-WG members? Does the Document Shepherd have any concerns
about the depth or breadth of the reviews that have been performed?

They document has received adequate review from both working group and
non WG members. This includes members of the TLS and PKIX community.

(1.c) Does the Document Shepherd have concerns that the document needs
more review from a particular or broader perspective, e.g., security,
operational complexity, someone familiar with AAA, internationalization
or XML?

No

(1.d) Does the Document Shepherd have any specific concerns or issues
with this document that the Responsible Area Director and/or the IESG
should be aware of? For example, perhaps he or she is uncomfortable with
certain parts of the document, or has concerns whether there really is a
need for it. In any event, if the WG has discussed those issues and has
indicated that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document been
filed? If so, please include a reference to the disclosure and summarize
the WG discussion and conclusion on this issue.

The document Shepherd is not aware of any specific concerns.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others being
silent, or does the WG as a whole understand and agree with it?

The document represents a reasonably strong consensus with the active
members of the working group in favor of the document moving forward.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarize the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is entered into the ID
Tracker.)

No.

(1.g) Has the Document Shepherd personally verified that the document
satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough;
this check needs to be thorough. Has the document met all formal review
criteria it needs to, such as the MIB Doctor, media type and URI type
reviews?

Yes

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that are not
ready for advancement or are otherwise in an unclear state? If such
normative references exist, what is the strategy for their completion?
Are there normative references that are downward references, as
described in [RFC3967]? If so, list these downward references to support
the Area Director in the Last Call procedure for them [RFC3967].

The document has split references with no downward or dependent
references

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body of the
document? If the document specifies protocol extensions, are
reservations requested in appropriate IANA registries? Are the IANA
registries clearly identified? If the document creates a new registry,
does it define the proposed initial contents of the registry and an
allocation procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC2434]. If the document
describes an Expert Review process has Shepherd conferred with the
Responsible Area Director so that the IESG can appoint the needed Expert
during the IESG Evaluation?

IANA considerations section exists and is consistent with the body of
the document. Appropriate registries are requested, identified and
populated with initial values.

(1.j) Has the Document Shepherd verified that sections of the document
that are written in a formal language, such as XML code, BNF rules, MIB
definitions, etc., validate correctly in an automated checker?

Not applicable

(1.k) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up? Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

The Extensible Authentication Protocol (EAP), defined in RFC 3748,
provides support for multiple authentication methods. Transport Level
Security (TLS) provides for mutual authentication, integrity-protected
ciphersuite negotiation and key exchange between two endpoints. This
document defines EAP-TLS, which includes support for certificate-based
mutual authentication and key derivation. This document obsoletes RFC
2716 to bring EAP-TLS into the standards track.

Working Group Summary

The document represents rough consensus of the working group.

Document Quality

There are many interoperable implementation of EAP-TLS deployed today.
This document has been reviewed by people involved in the EAP, TLS and
PKIX working groups.

Personnel

Joe Salowey, the EMU chair, is the document shepherd. The responsible
Area Director is Sam Hartman.