The IESG has approved the following document:

- 'Dynamic Provisioning using Flexible Authentication via Secure
   Tunneling Extensible Authentication Protocol (EAP-FAST)'
   <draft-cam-winget-eap-fast-provisioning-10.txt> as an Informational RFC

This document has been reviewed in the IETF but is not the product of an IETF Working Group.

The IESG contact person is Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-cam-winget-eap-fast-provisioning-10.txt

Technical Summary

The flexible authentication via secure tunneling EAP method (EAP-FAST) enables secure communication between a peer and a server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel. EAP-FAST also enables the provisioning of credentials or other information through this protected tunnel. This document describes the use of EAP-FAST for dynamic provisioning.

Working Group Summary

This is part of the ongoing effort to document existing deployed EAP methods. The purpose of this document is to publish existing behavior and it is therefore not part of a working group effort.

Document Quality

There are multiple implementations of EAP-FAST provisioning from different vendors that interoperate. A number of implementers have reviewed this specification.

Personnel

Joe Salowey is the Document Shepherd; Tim Polk is the responsible Area Director.

RFC Editor Note

Please make the three following changes:

- Section 4.1.3 - third sentence in paragraph 1

OLD
   It is presented within the protected EAP-FAST TLS tunnel to provide user information during stateless session resume so user authentication MAY be skipped.

NEW
   The PAC-Opaque portion of the User Authorization PAC is presented within the protected EAP-FAST TLS tunnel to provide user information during stateless session resume so user authentication MAY be skipped.

- Section 4.2.3 - first sentence

OLD
   The PAC-Opaque attribute is included within the PAC TLV whenever the server wishes to issue or renew a PAC.

NEW
   The PAC-Opaque attribute is included within the PAC TLV whenever the server wishes to issue or renew a PAC or the client wishes to present a User Authorization PAC to the server.

- Section 4.2.4 - add to end of first paragraph

NEW
   PAC-Info attribute is included within the PAC TLV whenever the server wishes to issue or renew a PAC.