Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0)
RFC 5281
Document | Type |
RFC - Informational
(August 2008; Errata)
Was draft-funk-eap-ttls-v0 (individual in int area)
|
|
---|---|---|---|
Authors | Paul Funk , Simon Blake-Wilson | ||
Last updated | 2020-01-21 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized with errata bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 5281 (Informational) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Jari Arkko | ||
Send notices to | emu-chairs@ietf.org, ldondeti@qualcomm.com |
Network Working Group P. Funk Request for Comments: 5281 Unaffiliated Category: Informational S. Blake-Wilson SafeNet August 2008 Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Abstract EAP-TTLS is an EAP (Extensible Authentication Protocol) method that encapsulates a TLS (Transport Layer Security) session, consisting of a handshake phase and a data phase. During the handshake phase, the server is authenticated to the client (or client and server are mutually authenticated) using standard TLS procedures, and keying material is generated in order to create a cryptographically secure tunnel for information exchange in the subsequent data phase. During the data phase, the client is authenticated to the server (or client and server are mutually authenticated) using an arbitrary authentication mechanism encapsulated within the secure tunnel. The encapsulated authentication mechanism may itself be EAP, or it may be another authentication protocol such as PAP, CHAP, MS-CHAP, or MS- CHAP-V2. Thus, EAP-TTLS allows legacy password-based authentication protocols to be used against existing authentication databases, while protecting the security of these legacy protocols against eavesdropping, man-in-the-middle, and other attacks. The data phase may also be used for additional, arbitrary data exchange. Funk & Blake-Wilson Informational [Page 1] RFC 5281 EAP-TTLSv0 August 2008 Table of Contents 1. Introduction ....................................................4 2. Motivation ......................................................5 3. Requirements Language ...........................................7 4. Terminology .....................................................7 5. Architectural Model .............................................9 5.1. Carrier Protocols .........................................10 5.2. Security Relationships ....................................10 5.3. Messaging .................................................11 5.4. Resulting Security ........................................12 6. Protocol Layering Model ........................................12 7. EAP-TTLS Overview ..............................................13 7.1. Phase 1: Handshake ........................................14 7.2. Phase 2: Tunnel ...........................................14 7.3. EAP Identity Information ..................................15 7.4. Piggybacking ..............................................15 7.5. Session Resumption ........................................16 7.6. Determining Whether to Enter Phase 2 ......................17 7.7. TLS Version ...............................................18 7.8. Use of TLS PRF ............................................18 8. Generating Keying Material .....................................19 9. EAP-TTLS Protocol ..............................................20 9.1. Packet Format .............................................20 9.2. EAP-TTLS Start Packet .....................................21 9.2.1. Version Negotiation ................................21 9.2.2. Fragmentation ......................................22 9.2.3. Acknowledgement Packets ............................22 10. Encapsulation of AVPs within the TLS Record Layer .............23 10.1. AVP Format ...............................................23 10.2. AVP Sequences ............................................25 10.3. Guidelines for Maximum Compatibility with AAA Servers ....25 11. Tunneled Authentication .......................................26 11.1. Implicit Challenge .......................................26 11.2. Tunneled Authentication Protocols ........................27 11.2.1. EAP ...............................................27 11.2.2. CHAP ..............................................29 11.2.3. MS-CHAP ...........................................30 11.2.4. MS-CHAP-V2 ........................................30 11.2.5. PAP ...............................................32 11.3. Performing Multiple Authentications ......................33 11.4. Mandatory Tunneled Authentication Support ................34 11.5. Additional Suggested Tunneled Authentication Support .....34Show full document text