An EAP Authentication Method Based on the Encrypted Key Exchange (EKE) Protocol
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com> Subject: Document Action: 'An EAP Authentication Method Based on the EKE Protocol' to Informational RFC (draft-sheffer-emu-eap-eke-09.txt) The IESG has approved the following document: - 'An EAP Authentication Method Based on the EKE Protocol' (draft-sheffer-emu-eap-eke-09.txt) as an Informational RFC This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Russ Housley. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-sheffer-emu-eap-eke/
Technical Summary The Extensible Authentication Protocol (EAP) describes a framework that allows the use of multiple authentication mechanisms. This document defines an authentication mechanism for EAP called EAP-EKE, and it is based on the Encrypted Key Exchange (EKE) protocol. This EAP method provides mutual authentication through the use of a short, easy to remember password. The EAP-EKE method is not susceptible to dictionary attacks, and it does not make use of public-key certificates. Working Group Summary This document is not the product of any IETF WG. The document was presented twice to the IETF EMU WG; however, the WG did not adopt the EAP-EKE method (or at least one other password-based method) despite some interest by participants and the chairs since the WG has its hands full with existing chartered work items. Protocol Quality The document was reviewed by Russ Housley for the IESG. The document was implemented by a university team, who added support to an existing EAP client and a RADIUS server implementation, and tested for interoperability. Some protocol changes resulted.