Hi, John and I have submitted a draft that updates RFC 3748, updating some of the security considerations, terms, references, the IANA considerations, and few other updates. While the believe that the update from RFC 3748 is useful, it is by no means something that absolutely has to be done, but has been provided for your consideration, with an interest in maintaining the documentation. The document is available here:
https://tools.ietf.org/html/draft-arkko-emu-rfc3748bis-00 (full) https://arkko.com/ietf/eap/draft-arkko-emu-rfc3748bis-from-rfc3748.diff.html (diff to RFC 3748) Thoughts? Feedback? There may be more security and other changes to incorporate, but so far the changes in this draft include: o The names of the MSK and EMSK terms used to discuss and specify the protocol have been changed. o The security considerations note the deficiencies in legacy EAP methods such as MD5-Challenge in Section 7.11.1, and recommend the use of more modern authentication methods. o Ivo Sedlacek's errata on a reference to Section 7.12 rather than Section 7.2 from Section 3.4 has been adopted. o IANA rules have been updated to comply with RFC 8126 and current allocations. o References have been updated to their most recent versions. o The security claim perfect forward secrecy has been added. o References to 3GPP 5G has been added. o The peer-name portion of the NAI SHOULD be omitted in the EAP- Response/Identity. o Since the publication of RFC3748, several documents related to the core EAP document have been published: [RFC4137] offers a proposed state machine [RFC5113] defines the network discovery and selection problem, [RFC5247] specifies the EAP key hierarchy, [RFC6677] [RFC7029] explores man-in-the-middle attacks and defines how to implement channel bindings. References to RFC 4137, RFC 5113, RFC 5247, RFC 6677, and RFC 7029 3GPP have been added. There are still some open questions, however. Jari and John _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
