[Emu] Protocol Action: 'Nimble out-of-band authentication for EAP (EAP-NOOB)' to Proposed Standard (draft-ietf-emu-eap-noob-06.txt)
The IESG has approved the following document: - 'Nimble out-of-band authentication for EAP (EAP-NOOB)' (draft-ietf-emu-eap-noob-06.txt) as Proposed Standard This document is the product of the EAP Method Update Working Group. The IESG contact persons are Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-emu-eap-noob/ Technical Summary The Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB message between the peer device and authentication server to authenticate the in-band key exchange. The device must have an input or output interface, such as a display, microphone, speaker or blinking light, which can send or receive dynamically generated messages of tens of bytes in length. Working Group Summary The document received a detailed early IoT directorate review. Document Quality At least three public implementations of the protocol are available: 1. wpa_supplicant - https://github.com/tuomaura/eap-noob 2. contiki - https://github.com/eduingles/coap-eap-noob 3. hostap - https://github.com/Vogeltak/hostap The protocol has security proofs: 1. Proverif: https://github.com/tuomaura/eap-noob/tree/master/protocolmodel/proverif 2. mcrl2: https://github.com/tuomaura/eap-noob/tree/master/protocolmodel/mcrl2 Personnel Document Shepherd - Joe Salowey Responsible AD - Roman Danyliw ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] Last Call: (Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3)) to Proposed Standard
The IESG has received a request from the EAP Method Update WG (emu) to consider the following document: - 'Using EAP-TLS with TLS 1.3 (EAP-TLS 1.3)' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-c...@ietf.org mailing lists by 2021-09-20. Exceptionally, comments may be sent to i...@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-Transport Layer Security (EAP-TLS) with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/ No IPR declarations have been submitted directly on this I-D. ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
