Hi emu folks,

as already teased at the last IETF, we finally have a first I-D ready for EAP-FIDO.[1]

The basic idea:
Password-based network authentication is not really state-of-the-art any more and, due to failure to verify the server certificate, sometimes even completely broken. Almost every device nowadays has a TPM chip or something similar, that is able to speak FIDO, either with the help of the OS or generically.

So, why not use FIDO to log in to networks?

There is a proof-of-concept implementation (not compatible with the spec in the draft yet, just to show that "It works™") that was used to perform an eduroam login at a conference with an EAP-FIDO key.

We will hold a side-meeting on Monday evening, 18:00 in Room Karlin 4, to discuss some of the open design questions and to gather feedback on what else may be needed in the specification.
We have also requested a time slot at the emu session on Tuesday, to shortly present the work.

Any feedback is welcome.

Cheers
Janfred

[1]: https://datatracker.ietf.org/doc/draft-janfred-eap-fido/

--
Herr Jan-Frederik Rieckers
Security, Trust & Identity Services
E-Mail: rieck...@dfn.de | Fon: +49 30884299-339 | Fax: +49 30884299-370
Pronomen: er/sein | Pronouns: he/him
DFN - Deutsches Forschungsnetz | German National Research and Education Network
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu