A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the EAP Method Update Working Group of the IETF.
Title : EAP Mutual Cryptographic Binding
Author(s) : Sam Hartman
Margaret Wasserman
Dacheng Zhang
Filename : draft-ietf-emu-crypto-bind-01.txt
Pages : 24
Date : 2013-01-05
Abstract:
As the Extensible Authentication Protocol (EAP) evolves, EAP peers
rely increasingly on information received from the EAP server. EAP
extensions such as channel binding or network posture information are
often carried in tunnel methods; peers are likely to rely on this
information. EAP has provided a facility that protects tunnel
methods against man-in-the-middle attacks. However, cryptographic
binding focuses on protecting the server rather than the peer. This
memo explores attacks possible when the peer is not protected from
man-in-the-middle attacks and recommends mutual cryptographic
binding, a new form of cryptographic binding that protects both peer
and server along with other mitigations.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-emu-crypto-bind
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-emu-crypto-bind-01
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-emu-crypto-bind-01
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
