FYI > Begin forwarded message: > > From: internet-dra...@ietf.org > Subject: New Version Notification for draft-arkko-eap-aka-pfs-01.txt > Date: 5 March 2018 at 16.18.46 GMT+2 > To: "Jari Arkko" <jari.ar...@piuha.net>, "Vesa Torvinen" > <vesa.torvi...@ericsson.com>, "Karl Norrman" <karl.norr...@ericsson.com> > > > A new version of I-D, draft-arkko-eap-aka-pfs-01.txt > has been successfully submitted by Jari Arkko and posted to the > IETF repository. > > Name: draft-arkko-eap-aka-pfs > Revision: 01 > Title: Perfect-Forward Secrecy for the Extensible > Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' > PFS) > Document date: 2018-03-05 > Group: Individual Submission > Pages: 22 > URL: > https://www.ietf.org/internet-drafts/draft-arkko-eap-aka-pfs-01.txt > Status: https://datatracker.ietf.org/doc/draft-arkko-eap-aka-pfs/ > Htmlized: https://tools.ietf.org/html/draft-arkko-eap-aka-pfs-01 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-arkko-eap-aka-pfs-01 > Diff: https://www.ietf.org/rfcdiff?url2=draft-arkko-eap-aka-pfs-01 > > Abstract: > Many different attacks have been reported as part of revelations > associated with pervasive surveillance. Some of the reported attacks > involved compromising smart cards, such as attacking SIM card > manufacturers and operators in an effort to compromise shared secrets > stored on these cards. Since the publication of those reports, > manufacturing and provisioning processes have gained much scrutiny > and have improved. However, the danger of resourceful attackers for > these systems is still a concern. > > This specification is an optional extension to the EAP-AKA' > authentication method which was defined in RFC 5448. The extension > provides Perfect Forward Secrecy for the session key generated as a > part of the authentication run in EAP-AKA'. This prevents an > attacker who has gained access to the long-term pre-shared secret in > a SIM card from merely passively eavesdropping the EAP-AKA' exchanges > and deriving associated session keys, forcing attackers to use active > attacks instead. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat >
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu