I-D Action:draft-nir-tls-eap-03.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : TLS using EAP Authentication
	Author(s)       : Y. Nir, et al.
	Filename        : draft-nir-tls-eap-03.txt
	Pages           : 21
	Date            : 2008-04-04

This document describes an extension to the TLS protocol to allow TLS
clients to authenticate with legacy credentials using the Extensible
Authentication Protocol (EAP).

This work follows the example of IKEv2, where EAP has been added to
the IKEv2 protocol to allow clients to use different credentials such
as passwords, token cards, and shared secrets.

When TLS is used with EAP, additional records are sent after the
ChangeCipherSpec protocol message and before the Finished message,
effectively creating an extended handshake before the application
layer data can be sent.  Each EapMsg handshake record contains
exactly one EAP message.  Using EAP for client authentication allows
TLS to be used with various AAA back-end servers such as RADIUS or
Diameter.

TLS with EAP may be used for securing a data connection such as HTTP
or POP3.  We believe it has three main benefits:
o  The ability of EAP to work with backend servers can remove that

burden from the application layer.
o  Moving the user authentication into the TLS handshake protects the

presumably less secure application layer from attacks by

unauthenticated parties.
o  Using mutual authentication methods within EAP can help thwart

certain classes of phishing attacks.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-nir-tls-eap-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-nir-tls-eap-03.txt>
_______________________________________________

I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux