Technical Summary
The flexible authentication via secure tunneling EAP method (EAP-FAST)
enables secure communication between a peer and a server by using
Transport Layer Security (TLS) to establish a mutually authenticated
tunnel. EAP-FAST also enables the provisioning of credentials or other
information through this protected tunnel. This document describes the
use of EAP-FAST for dynamic provisioning.
Working Group Summary
This is part of the ongoing effort to document existing deployed EAP
methods. The purpose of this document is to publish existing behavior
and it is therefore not part of a working group effort.
Document Quality
There are multiple implementations of EAP-FAST provisioning from
different vendors that interoperate. A number of implementers have
reviewed this specification.
Personnel
Joe Salowey is the Document Shepherd; Tim Polk is the responsible
Area Director.
RFC Editor Note
Please make the following three changes:
- Section 4.1.3 - third sentence in paragraph 1
OLD
It is presented within the protected EAP-FAST TLS tunnel to provide
user information during stateless session resume so user authentication
MAY be skipped.
NEW
The PAC-Opaque portion of the User Authorization PAC is presented
within the protected EAP-FAST TLS tunnel to provide user information
during stateless session resume so user authentication MAY be skipped.
- Section 4.2.3 - first sentence
OLD
The PAC-Opaque attribute is included within the PAC TLV whenever the
server wishes to issue or renew a PAC.
NEW
The PAC-Opaque attribute is included within the PAC TLV whenever the
server wishes to issue or renew a PAC or the client wishes to present a
User Authorization PAC to the server.
- Section 4.2.4 - add to end of first paragraph
NEW
PAC-Info attribute is included within the PAC TLV whenever the server
wishes to issue or renew a PAC.