The IESG has approved the following document: - 'Extensible Authentication Protocol Method for GSM Subscriber Identity Modules (EAP-SIM) ' <draft-haverinen-pppext-eap-sim-16.txt> as an Informational RFC This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Thomas Narten. Technical Summary This document specifies an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution using the Global System for Mobile Communications (GSM) Subscriber Identity Module (SIM). GSM is a second generation mobile network standard. The EAP-SIM mechanism specifies enhancements to GSM authentication and key agreement whereby multiple authentication triplets can be combined to create authentication responses and session keys of greater strength than the individual GSM triplets. The mechanism also includes network authentication, user anonymity support, result indications, and a fast re-authentication procedure. Working Group Summary This document is not the product of an IETF WG; it has been submitted to the RFC editor as an independent submission. However, 3GPP also lists this document as one of their dependencies, and they expect some IETF review of the document. Per discussions with Stephen Hayes (3GPP Liaison to IETF), this document has been reviewed by EAP WG for conformance with EAP, but security properties have not been reviewed. Protocol Quality This spec has been reviewed for the IESG by Thomas Narten. It has also been reviewed by the EAP WG for conformance with existing EAP standards. RFC Editor Note: Please add the following sentence to the end of the IESG note: The IETF has also not reviewed the security of the cryptographic algorithms. New section (with additional sentence added): The EAP-SIM protocol was developed by 3GPP. The documentation of EAP-SIM is provided as information to the Internet community. While the EAP WG has verified that EAP-SIM is compatible with EAP as defined in RFC 3748, no other review has been done, including validation of the security claims. The IETF has also not reviewed the security of the cryptographic algorithms. _______________________________________________ IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce
