Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0)
RFC 5281
Document Type RFC - Informational (August 2008; Errata)
Was draft-funk-eap-ttls-v0 (individual in int area)
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5281 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Jari Arkko
Send notices to emu-chairs@ietf.org, ldondeti@qualcomm.com
Email authors IPR References Referenced by Nits 
Network Working Group                                            P. Funk
Request for Comments: 5281                                  Unaffiliated
Category: Informational                                  S. Blake-Wilson
                                                                 SafeNet
                                                             August 2008

  Extensible Authentication Protocol Tunneled Transport Layer Security
             Authenticated Protocol Version 0 (EAP-TTLSv0)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   EAP-TTLS is an EAP (Extensible Authentication Protocol) method that
   encapsulates a TLS (Transport Layer Security) session, consisting of
   a handshake phase and a data phase.  During the handshake phase, the
   server is authenticated to the client (or client and server are
   mutually authenticated) using standard TLS procedures, and keying
   material is generated in order to create a cryptographically secure
   tunnel for information exchange in the subsequent data phase.  During
   the data phase, the client is authenticated to the server (or client
   and server are mutually authenticated) using an arbitrary
   authentication mechanism encapsulated within the secure tunnel.  The
   encapsulated authentication mechanism may itself be EAP, or it may be
   another authentication protocol such as PAP, CHAP, MS-CHAP, or MS-
   CHAP-V2.  Thus, EAP-TTLS allows legacy password-based authentication
   protocols to be used against existing authentication databases, while
   protecting the security of these legacy protocols against
   eavesdropping, man-in-the-middle, and other attacks.  The data phase
   may also be used for additional, arbitrary data exchange.

Funk & Blake-Wilson          Informational                      [Page 1]
RFC 5281                       EAP-TTLSv0                    August 2008

Table of Contents

   1. Introduction ....................................................4
   2. Motivation ......................................................5
   3. Requirements Language ...........................................7
   4. Terminology .....................................................7
   5. Architectural Model .............................................9
      5.1. Carrier Protocols .........................................10
      5.2. Security Relationships ....................................10
      5.3. Messaging .................................................11
      5.4. Resulting Security ........................................12
   6. Protocol Layering Model ........................................12
   7. EAP-TTLS Overview ..............................................13
      7.1. Phase 1: Handshake ........................................14
      7.2. Phase 2: Tunnel ...........................................14
      7.3. EAP Identity Information ..................................15
      7.4. Piggybacking ..............................................15
      7.5. Session Resumption ........................................16
      7.6. Determining Whether to Enter Phase 2 ......................17
      7.7. TLS Version ...............................................18
      7.8. Use of TLS PRF ............................................18
   8. Generating Keying Material .....................................19
   9. EAP-TTLS Protocol ..............................................20
      9.1. Packet Format .............................................20
      9.2. EAP-TTLS Start Packet .....................................21
           9.2.1. Version Negotiation ................................21
           9.2.2. Fragmentation ......................................22
           9.2.3. Acknowledgement Packets ............................22
   10. Encapsulation of AVPs within the TLS Record Layer .............23
      10.1. AVP Format ...............................................23
      10.2. AVP Sequences ............................................25
      10.3. Guidelines for Maximum Compatibility with AAA Servers ....25
   11. Tunneled Authentication .......................................26
      11.1. Implicit Challenge .......................................26
      11.2. Tunneled Authentication Protocols ........................27
           11.2.1. EAP ...............................................27
           11.2.2. CHAP ..............................................29
           11.2.3. MS-CHAP ...........................................30
           11.2.4. MS-CHAP-V2 ........................................30
           11.2.5. PAP ...............................................32
      11.3. Performing Multiple Authentications ......................33
      11.4. Mandatory Tunneled Authentication Support ................34
      11.5. Additional Suggested Tunneled Authentication Support .....34
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools