An EAP Authentication Method Based on the Encrypted Key Exchange (EKE) Protocol
RFC 6124

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>
Subject: Document Action: 'An EAP Authentication Method Based on the EKE Protocol' to Informational RFC (draft-sheffer-emu-eap-eke-09.txt)

The IESG has approved the following document:
- 'An EAP Authentication Method Based on the EKE Protocol'
  (draft-sheffer-emu-eap-eke-09.txt) as an Informational RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Russ Housley.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-sheffer-emu-eap-eke/

Technical Summary

  The Extensible Authentication Protocol (EAP) describes a framework
  that allows the use of multiple authentication mechanisms.  This
  document defines an authentication mechanism for EAP called EAP-EKE,
  and it is based on the Encrypted Key Exchange (EKE) protocol.  This
  EAP method provides mutual authentication through the use of a short,
  easy to remember password.  The EAP-EKE method is not susceptible to
  dictionary attacks, and it does not make use of public-key
  certificates.

Working Group Summary

  This document is not the product of any IETF WG.

  The document was presented twice to the IETF EMU WG; however, the WG
  did not adopt the EAP-EKE method (or at least one other password-based
  method) despite some interest by participants and the chairs since the
  WG has its hands full with existing chartered work items.

Protocol Quality

  The document was reviewed by Russ Housley for the IESG.

  The document was implemented by a university team, who added support
  to an existing EAP client and a RADIUS server implementation, and
  tested for interoperability. Some protocol changes resulted.