[Emu] I-D Action: draft-ietf-emu-aka-pfs-07.txt

internet-drafts@ietf.org Mon, 11 July 2022 19:40 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: emu@ietf.org
Delivered-To: emu@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E1C45C184B33; Mon, 11 Jul 2022 12:40:23 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: emu@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 8.6.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: emu@ietf.org
Message-ID: <165756842391.4931.9689632066661962658@ietfa.amsl.com>
Date: Mon, 11 Jul 2022 12:40:23 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/emu/377XiTIlDvOg-Rr42VEuCRwU-ek>
Subject: [Emu] I-D Action: draft-ietf-emu-aka-pfs-07.txt
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2022 19:40:24 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the EAP Method Update WG of the IETF.

        Title           : Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)
        Authors         : Jari Arkko
                          Karl Norrman
                          Vesa Torvinen
                          John Mattsson
  Filename        : draft-ietf-emu-aka-pfs-07.txt
  Pages           : 28
  Date            : 2022-07-11

   Many different attacks have been reported as part of revelations
   associated with pervasive surveillance.  Some of the reported attacks
   involved compromising the smart card supply chain, such as attacking
   SIM card manufacturers and operators in an effort to compromise
   shared secrets stored on these cards.  Since the publication of those
   reports, manufacturing and provisioning processes have gained much
   scrutiny and have improved.  However, the danger of resourceful
   attackers for these systems is still a concern.  Always assuming
   breach such as key compromise and minimizing the impact of breach are
   essential zero-trust principles.

   This specification is an optional extension to the EAP-AKA'
   authentication method which was defined in [RFC9048].  The extension,
   when negotiated, provides Forward Secrecy for the session key
   generated as a part of the authentication run in EAP-AKA'.  This
   prevents an attacker who has gained access to the long-term pre-
   shared secret in a SIM card from being able to decrypt any past
   communications.  In addition, if the attacker stays merely a passive
   eavesdropper, the extension prevents attacks against future sessions.
   This forces attackers to use active attacks instead.

The IETF datatracker status page for this draft is:

There is also an htmlized version available at:

A diff from the previous version is available at:

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts