[Emu] Protocol Action: 'The EAP TLS Authentication Protocol' to Proposed Standard
The IESG <iesg-secretary@ietf.org> Tue, 29 January 2008 21:07 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Date: Tue, 29 Jan 2008 16:07:10 -0500
Cc: Internet Architecture Board <iab@iab.org>, emu mailing list <emu@ietf.org>, emu chair <emu-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [Emu] Protocol Action: 'The EAP TLS Authentication Protocol' to Proposed Standard
The IESG has approved the following document:

- 'The EAP TLS Authentication Protocol '
   <draft-simon-emu-rfc2716bis-13.txt> as a Proposed Standard

This document is the product of the EAP Method Update Working Group.

The IESG contact persons are Sam Hartman and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-simon-emu-rfc2716bis-13.txt

Technical Summary

The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides support for multiple authentication methods. Transport Level Security (TLS) provides for mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. This document defines EAP-TLS, which includes support for certificate-based mutual authentication and key derivation.

This document obsoletes RFC 2716 to bring EAP-TLS into the standards track.

Working Group Summary

The document represents rough consensus of the working group.

Protocol Quality

This document has been reviewed for the IESG by Sam Hartman. There are many interoperable implementations of EAP-TLS deployed today. This document has been reviewed by people involved in the EAP, TLS and PKIX working groups.

Note to RFC Editor

Please replace Section 2.4 with the following text:

2.4.  Ciphersuite and Compression Negotiation

   EAP-TLS implementations MUST support TLS v1.0.

   EAP-TLS implementations need not necessarily support all TLS ciphersuites listed in [RFC4346]. Not all TLS ciphersuites are supported by available TLS tool kits and licenses may be required in some cases.

   To ensure interoperability, EAP-TLS peers and servers MUST support the TLS [RFC4346] mandatory-to-implement ciphersuite:

      TLS_RSA_WITH_3DES_EDE_CBC_SHA

   EAP-TLS peers and servers SHOULD also support and be able to negotiate the following TLS ciphersuites:

      TLS_RSA_WITH_RC4_128_SHA [RFC4346]
      TLS_RSA_WITH_AES_128_CBC_SHA [RFC3268]

   In addition, EAP-TLS servers SHOULD support and be able to negotiate the following TLS ciphersuite:

      TLS_RSA_WITH_RC4_128_MD5 [RFC4346]

   Since TLS supports ciphersuite negotiation, peers completing the TLS negotiation will also have selected a ciphersuite, which includes encryption and hashing methods. Since the ciphersuite negotiated within EAP-TLS applies only to the EAP conversation, TLS ciphersuite negotiation MUST NOT be used to negotiate the ciphersuites used to secure data.

   TLS also supports compression as well as ciphersuite negotiation. However, during the EAP-TLS conversation the EAP peer and server MUST NOT request or negotiate compression.
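
Added example, not part of the IESG announcement or the draft: Python code that checks a peer's TLS ClientHello against the replacement Section 2.4 text above (mandatory and recommended ciphersuites, no compression). It assumes that offering a suite stands in for supporting it, uses the IANA code points for the named suites, and runs on a constructed ClientHello; all function names are hypothetical.

```python
# IANA code points for the suites the replacement Section 2.4 names for peers.
# TLS_RSA_WITH_RC4_128_MD5 is a server-side SHOULD, so a ClientHello cannot show it.
MUST = {0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
SHOULD = {0x0005: "TLS_RSA_WITH_RC4_128_SHA",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA"}

def _take(buf, pos, n):
    """Return (buf[pos:pos+n], pos+n), refusing to read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n

def parse_client_hello(record):
    """Extract (cipher_suites, compression_methods) from one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS record carrying a ClientHello")
    hello, _ = _take(record, 9, int.from_bytes(record[6:9], "big"))
    sid_len, pos = _take(hello, 34, 1)      # skip client_version + random
    _, pos = _take(hello, pos, sid_len[0])  # skip session_id
    cs_len, pos = _take(hello, pos, 2)
    cs_raw, pos = _take(hello, pos, int.from_bytes(cs_len, "big"))
    cm_len, pos = _take(hello, pos, 1)
    cm_raw, pos = _take(hello, pos, cm_len[0])
    if len(cs_raw) % 2:
        raise ValueError("odd cipher_suites length")
    suites = [int.from_bytes(cs_raw[i:i + 2], "big")
              for i in range(0, len(cs_raw), 2)]
    return suites, list(cm_raw)

def check_section_2_4(record):
    """Return (requirement level, finding) pairs for a peer's ClientHello."""
    suites, compression = parse_client_hello(record)
    findings = [(level, name + " not offered")
                for level, table in (("MUST", MUST), ("SHOULD", SHOULD))
                for code, name in table.items() if code not in suites]
    if any(m != 0 for m in compression):    # 0 is the null method
        findings.append(("MUST NOT", "compression method other than null offered"))
    return findings

def build_hello(suites, compression):
    """Constructed sample input: a TLS 1.0 ClientHello in a single record."""
    body = (b"\x03\x01" + bytes(32) + b"\x00"
            + (2 * len(suites)).to_bytes(2, "big")
            + b"".join(s.to_bytes(2, "big") for s in suites)
            + bytes([len(compression)]) + bytes(compression))
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(check_section_2_4(build_hello([0x000A, 0x0005, 0x002F], [0])))
    print(check_section_2_4(build_hello([0x002F], [1, 0])))
```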