Technical Summary
The Extensible Authentication Protocol (EAP) describes a framework
that allows the use of multiple authentication mechanisms. This
document defines an authentication mechanism for EAP called EAP-EKE,
and it is based on the Encrypted Key Exchange (EKE) protocol. This
EAP method provides mutual authentication through the use of a short,
easy-to-remember password. The EAP-EKE method is not susceptible to
dictionary attacks, and it does not make use of public-key
certificates.
Working Group Summary
This document is not the product of any IETF WG.
The document was presented twice to the IETF EMU WG; however, the WG
did not adopt the EAP-EKE method (or at least one other password-based
method), despite some interest from participants and the chairs,
because the WG has its hands full with existing chartered work items.
Protocol Quality
The document was reviewed by Russ Housley for the IESG.
The document was implemented by a university team, who added support
to an existing EAP client and a RADIUS server implementation, and
tested for interoperability. Some protocol changes resulted.