[SECMECH] Re: I-D ACTION:draft-nystrom-eap-potp-04.txt

Magnus Nyström <magnus@rsasecurity.com> Tue, 06 December 2005 08:55 UTC

Date: Tue, 6 Dec 2005 09:55:05 +0100 (W. Europe Standard Time)
From: Magnus Nyström <magnus@rsasecurity.com>
To: SECMECH@ietf.org
Message-ID: <Pine.WNT.4.62.0512051659000.5352@CTO-LAPTOP.eu.rsa.net>
Subject: [SECMECH] Re: I-D ACTION:draft-nystrom-eap-potp-04.txt

Dear All,

Internet-Drafts@ietf.org wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.

>	Title		: The Protected One-Time Password Protocol 
>			  (EAP-POTP)
>	Author(s)	: M. Nystrom
>	Filename	: draft-nystrom-eap-potp-04.txt
>	Pages		: 84
>	Date		: 2005-12-2

> This document describes a general EAP method suitable for use with 
> One-Time Password (OTP) tokens, and offers particular advantages for 
> tokens with direct electronic interfaces to their associated clients. 
> The method can be used to provide unilateral or mutual authentication, 
> and key material, in protocols utilizing EAP, such as PPP, IEEE 802.1X 
> and IKEv2.

> A URL for this Internet-Draft is: 
> http://www.ietf.org/internet-drafts/draft-nystrom-eap-potp-04.txt

Changes compared to version -03 besides editorial clarifications and
corrections include:

- Derivation of a special session resumption key (SRK) at the same time as
   derivation of other keys such as the EMSK and the MSK. This avoids some
   issues identified with the use of the EMSK as a basis for the SRK.

- Parameterization of the hash, encryption, and MAC algorithms through a
   new "Crypto Algorithm TLV". This is to allow for a transition to other
   algorithms in the future, should the default (mandated) set be regarded
   as inappropriate.

- Addition of a "Challenge TLV" for those cases where the challenge used
   in a challenge-response method otherwise would be unknown to the EAP
   server.

I would also like to point out that static passwords may be used with this 
EAP method too.

-- Magnus
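Two of the changes listed above (deriving the SRK as a sibling of the MSK and EMSK rather than from the EMSK, and negotiating the hash/encryption/MAC algorithms through a Crypto Algorithm TLV) are easy to misread without seeing the shape of the code. The following is an added illustration written for this archive page; it is not code from the draft, from RSA, or from any EAP-POTP implementation. The TLV layout (2-byte type, 2-byte length), the type number 0x7001, the algorithm identifier tables, the PRF construction and the key labels "MSK"/"EMSK"/"SRK" are all assumptions made for the example, not values taken from draft-nystrom-eap-potp-04.

```python
import hashlib
import hmac
import struct

# Hypothetical identifier tables for the example's TLV (constructed for this
# illustration; the draft keeps its own registry, which is not reproduced here).
HASH_ALGS = {1: "sha1", 2: "sha256"}
ENC_ALGS = {1: "aes-128-cbc", 2: "aes-256-cbc"}
MAC_ALGS = {1: "hmac-sha1", 2: "hmac-sha256"}


def prf_plus(key: bytes, label: bytes, hashname: str, length: int) -> bytes:
    """Counter-mode PRF in the style of HKDF-Expand: concatenate
    HMAC(key, prev_block || label || counter) until `length` bytes exist."""
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + label + bytes([counter]), hashname).digest()
        out += prev
        counter += 1
    return out[:length]


def derive_session_keys(master: bytes, hashname: str = "sha256") -> dict:
    """Derive MSK, EMSK and SRK from the same master secret in one pass.
    Each key gets its own label, so none is a function of another: the SRK
    can be cached for session resumption without the EMSK ever leaving the
    derivation step (the alternative the -04 change moves away from)."""
    return {
        "MSK": prf_plus(master, b"MSK", hashname, 64),
        "EMSK": prf_plus(master, b"EMSK", hashname, 64),
        "SRK": prf_plus(master, b"SRK", hashname, 32),
    }


TLV_CRYPTO_ALG = 0x7001            # constructed type number for this example only
TLV_HEADER = struct.Struct("!HH")  # Type (2 bytes), Length (2 bytes), big-endian


def encode_tlv(tlv_type: int, value: bytes) -> bytes:
    return TLV_HEADER.pack(tlv_type, len(value)) + value


def encode_crypto_alg_tlv(hash_id: int, enc_id: int, mac_id: int) -> bytes:
    """Value is three one-byte identifiers: hash, encryption, MAC (assumed layout)."""
    return encode_tlv(TLV_CRYPTO_ALG, bytes([hash_id, enc_id, mac_id]))


def parse_tlvs(data: bytes) -> list:
    """Split a byte string into (type, value) pairs, refusing truncated input
    instead of reading past the end of the buffer."""
    tlvs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < TLV_HEADER.size:
            raise ValueError("truncated TLV header")
        tlv_type, length = TLV_HEADER.unpack_from(data, offset)
        offset += TLV_HEADER.size
        if len(data) - offset < length:
            raise ValueError("TLV length exceeds remaining data")
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
    return tlvs


def select_algorithms(tlvs: list) -> dict:
    """Choose hash/enc/MAC from a Crypto Algorithm TLV if one is present,
    otherwise keep the mandated defaults (assumed here to be ids 2/2/2).
    Unknown identifiers are rejected rather than silently downgraded."""
    chosen = {"hash": HASH_ALGS[2], "enc": ENC_ALGS[2], "mac": MAC_ALGS[2]}
    for tlv_type, value in tlvs:
        if tlv_type != TLV_CRYPTO_ALG:
            continue
        if len(value) != 3:
            raise ValueError("malformed Crypto Algorithm TLV")
        h, e, m = value
        if h not in HASH_ALGS or e not in ENC_ALGS or m not in MAC_ALGS:
            raise ValueError("unsupported algorithm identifier")
        chosen = {"hash": HASH_ALGS[h], "enc": ENC_ALGS[e], "mac": MAC_ALGS[m]}
    return chosen


def run_example() -> tuple:
    """End-to-end: parse a constructed TLV, pick algorithms, derive the keys."""
    master = hashlib.sha256(b"constructed master secret for the example").digest()
    algs = select_algorithms(parse_tlvs(encode_crypto_alg_tlv(1, 1, 1)))
    return algs, derive_session_keys(master, algs["hash"])


if __name__ == "__main__":
    algs, keys = run_example()
    print(algs, {k: v.hex()[:16] for k, v in keys.items()})
```

The point of `derive_session_keys` is structural: because the SRK is labelled and derived beside the EMSK instead of below it, a server that stores the SRK for later resumption never has to hold or re-derive the EMSK. The point of `parse_tlvs` and `select_algorithms` is the defensive side of parameterization: a peer that accepts an algorithm TLV must bound every length read and must treat an identifier it does not recognize as an error, not as a reason to fall back to something weaker.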


_______________________________________________
SECMECH mailing list
SECMECH@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/secmech