[Emu] Fwd: New Version Notification for draft-arkko-eap-aka-pfs-01.txt

Mon, 05 Mar 2018 14:20:06 -0800 

FYI

> Begin forwarded message:
> 
> From: internet-dra...@ietf.org
> Subject: New Version Notification for draft-arkko-eap-aka-pfs-01.txt
> Date: 5 March 2018 at 16.18.46 GMT+2
> To: "Jari Arkko" <jari.ar...@piuha.net>, "Vesa Torvinen" 
> <vesa.torvi...@ericsson.com>, "Karl Norrman" <karl.norr...@ericsson.com>
> 
> 
> A new version of I-D, draft-arkko-eap-aka-pfs-01.txt
> has been successfully submitted by Jari Arkko and posted to the
> IETF repository.
> 
> Name:         draft-arkko-eap-aka-pfs
> Revision:     01
> Title:                Perfect-Forward Secrecy for the Extensible 
> Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' 
> PFS)
> Document date:        2018-03-05
> Group:                Individual Submission
> Pages:                22
> URL:            
> https://www.ietf.org/internet-drafts/draft-arkko-eap-aka-pfs-01.txt
> Status:         https://datatracker.ietf.org/doc/draft-arkko-eap-aka-pfs/
> Htmlized:       https://tools.ietf.org/html/draft-arkko-eap-aka-pfs-01
> Htmlized:       
> https://datatracker.ietf.org/doc/html/draft-arkko-eap-aka-pfs-01
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-arkko-eap-aka-pfs-01
> 
> Abstract:
>   Many different attacks have been reported as part of revelations
>   associated with pervasive surveillance.  Some of the reported attacks
>   involved compromising smart cards, such as attacking SIM card
>   manufacturers and operators in an effort to compromise shared secrets
>   stored on these cards.  Since the publication of those reports,
>   manufacturing and provisioning processes have gained much scrutiny
>   and have improved.  However, the danger of resourceful attackers for
>   these systems is still a concern.
> 
>   This specification is an optional extension to the EAP-AKA'
>   authentication method which was defined in RFC 5448.  The extension
>   provides Perfect Forward Secrecy for the session key generated as a
>   part of the authentication run in EAP-AKA'.  This prevents an
>   attacker who has gained access to the long-term pre-shared secret in
>   a SIM card from merely passively eavesdropping the EAP-AKA' exchanges
>   and deriving associated session keys, forcing attackers to use active
>   attacks instead.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 


_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Reply via email to