Protocol Action: 'The EAP TLS Authentication Protocol' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Tue, 29 January 2008 21:07 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <E1JJxfi-00058C-B4@stiedprstage1.ietf.org>
Date: Tue, 29 Jan 2008 16:07:10 -0500
Cc: Internet Architecture Board <iab@iab.org>, emu mailing list <emu@ietf.org>, emu chair <emu-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'The EAP TLS Authentication Protocol' to Proposed Standard

The IESG has approved the following document:

- 'The EAP TLS Authentication Protocol'
   <draft-simon-emu-rfc2716bis-13.txt> as a Proposed Standard

This document is the product of the EAP Method Update Working Group. 

The IESG contact persons are Sam Hartman and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-simon-emu-rfc2716bis-13.txt

Technical Summary
 
   The Extensible Authentication Protocol (EAP), defined in RFC 3748,
   provides support for multiple authentication methods. Transport Level
   Security (TLS) provides for mutual authentication, integrity-protected
   ciphersuite negotiation and key exchange between two endpoints. This
   document defines EAP-TLS, which includes support for certificate-based
   mutual authentication and key derivation. This document obsoletes RFC
   2716 to bring EAP-TLS into the standards track.
 
Working Group Summary
 
   The document represents rough consensus of the working group.
 
Protocol Quality
 
   This document has been reviewed for the IESG by Sam Hartman.  There are
   many interoperable implementations of EAP-TLS deployed today.
   This document has been reviewed by people involved in the EAP, TLS and
   PKIX working groups.


Note to RFC Editor
 
Please replace Section 2.4 with the following text:

2.4.  Ciphersuite and Compression Negotiation

  EAP-TLS implementations MUST support TLS v1.0.

  EAP-TLS implementations need not necessarily support all TLS
  ciphersuites listed in [RFC4346].  Not all TLS ciphersuites are
  supported by available TLS tool kits and licenses may be required in
  some cases.

  To ensure interoperability, EAP-TLS peers and servers MUST support
  the TLS [RFC4346] mandatory-to-implement ciphersuite:

      TLS_RSA_WITH_3DES_EDE_CBC_SHA

  EAP-TLS peers and servers SHOULD also support and be able
  to negotiate the following TLS ciphersuites:

        TLS_RSA_WITH_RC4_128_SHA [RFC4346]
        TLS_RSA_WITH_AES_128_CBC_SHA [RFC3268]

  In addition, EAP-TLS servers SHOULD support and be able to negotiate
  the following TLS ciphersuite:

      TLS_RSA_WITH_RC4_128_MD5 [RFC4346]

  Since TLS supports ciphersuite negotiation, peers completing the TLS
  negotiation will also have selected a ciphersuite, which includes
  encryption and hashing methods.  Since the ciphersuite negotiated
  within EAP-TLS applies only to the EAP conversation, TLS ciphersuite
  negotiation MUST NOT be used to negotiate the ciphersuites used to
  secure data.

  TLS also supports compression as well as ciphersuite negotiation.
  However, during the EAP-TLS conversation the EAP peer and server MUST
  NOT request or negotiate compression.
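As an added example (not part of the IESG announcement or of the draft), the Python below parses the version, ciphersuite and compression fields of a TLS ClientHello and checks the peer's offer against the Section 2.4 rules above: TLS v1.0, the mandatory 3DES suite, the two SHOULD suites, and no compression. The server-side TLS_RSA_WITH_RC4_128_MD5 requirement is not visible in a ClientHello and is not checked; the builder and both sample hellos are constructed for illustration.

```python
import struct

# IANA code points for the ciphersuites named in Section 2.4 above
MANDATORY_SUITE = 0x000A                      # TLS_RSA_WITH_3DES_EDE_CBC_SHA
RECOMMENDED_SUITES = {0x0005: "TLS_RSA_WITH_RC4_128_SHA",
                      0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA"}
NULL_COMPRESSION = 0x00

def parse_client_hello(handshake: bytes) -> dict:
    # Handshake header: msg_type(1) + length(3); record layer assumed stripped
    if handshake[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = handshake[4:4 + int.from_bytes(handshake[1:4], "big")]
    version = (body[0], body[1])              # client_version, e.g. (3, 1) = TLS 1.0
    pos = 2 + 32                              # skip the 32-byte client random
    pos += 1 + body[pos]                      # skip session_id (length-prefixed)
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comps = list(body[pos + 1:pos + 1 + body[pos]])
    return {"version": version, "cipher_suites": suites, "compression": comps}

def check_section_2_4(hello: dict) -> list:
    """Return (level, finding) pairs for the peer's offer; empty means conformant."""
    findings = []
    if hello["version"] < (3, 1):
        findings.append(("MUST", "TLS v1.0 not offered"))
    if MANDATORY_SUITE not in hello["cipher_suites"]:
        findings.append(("MUST", "TLS_RSA_WITH_3DES_EDE_CBC_SHA not offered"))
    for code, name in RECOMMENDED_SUITES.items():
        if code not in hello["cipher_suites"]:
            findings.append(("SHOULD", f"{name} not offered"))
    if any(c != NULL_COMPRESSION for c in hello["compression"]):
        findings.append(("MUST", "compression requested during EAP-TLS"))
    return findings

def build_client_hello(version, suites, comps) -> bytes:
    """Constructed sample builder (zero random, empty session_id, no extensions)."""
    body = bytes(version) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += bytes([len(comps)]) + bytes(comps)
    return b"\x01" + len(body).to_bytes(3, "big") + body

# Constructed samples: a conformant offer, and one missing 3DES that asks for DEFLATE
GOOD_HELLO = build_client_hello((3, 1), [0x002F, 0x000A, 0x0005], [NULL_COMPRESSION])
BAD_HELLO = build_client_hello((3, 1), [0x002F], [0x01, NULL_COMPRESSION])
```

Running `check_section_2_4(parse_client_hello(BAD_HELLO))` reports the missing mandatory suite, the missing RC4-SHA suite and the compression request, while the conformant hello yields no findings.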


_______________________________________________
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce