[SECMECH] Re: I-D ACTION:draft-nystrom-eap-potp-04.txt
Magnus Nyström <magnus@rsasecurity.com> Tue, 06 December 2005 08:55 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EjYbm-0008JL-Sk; Tue, 06 Dec 2005 03:55:34 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EjYbl-0008If-HC for secmech@megatron.ietf.org; Tue, 06 Dec 2005 03:55:33 -0500
Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [216.162.240.130]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA24902 for <SECMECH@lists.ietf.org>; Tue, 6 Dec 2005 03:54:41 -0500 (EST)
Received: from mailx.rsasecurity.com by vulcan.rsasecurity.com via smtpd (for odin.ietf.org [132.151.1.176]) with ESMTP; Tue, 6 Dec 2005 03:55:32 -0500
Received: from sdtihq24.securid.com by hyperion.na.rsa.net with ESMTP id BMK45015; Tue, 6 Dec 2005 03:55:01 -0500 (EST)
Received: from rsana-ex-hq1.NA.RSA.NET (e2k.rsa.net [10.100.8.50]) by sdtihq24.securid.com (8.12.10/8.12.9) with ESMTP id jB68t0Nt015441 for <SECMECH@lists.ietf.org>; Tue, 6 Dec 2005 03:55:01 -0500 (EST)
Received: from rsana-ex-sm1.NA.RSA.NET ([10.80.211.17]) by rsana-ex-hq1.NA.RSA.NET with Microsoft SMTPSVC(6.0.3790.211); Tue, 6 Dec 2005 03:55:00 -0500
Received: from localhost ([10.3.9.4]) by rsana-ex-sm1.NA.RSA.NET with Microsoft SMTPSVC(6.0.3790.211); Tue, 6 Dec 2005 00:54:58 -0800
Date: Tue, 06 Dec 2005 09:55:05 +0100
From: Magnus Nyström <magnus@rsasecurity.com>
To: SECMECH@ietf.org
Message-ID: <Pine.WNT.4.62.0512051659000.5352@CTO-LAPTOP.eu.rsa.net>
X-X-Sender: mnystrom@[10.80.211.17]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-OriginalArrivalTime: 06 Dec 2005 08:54:59.0082 (UTC) FILETIME=[BCB6F6A0:01C5FA42]
Cc:
Subject: [SECMECH] Re: I-D ACTION:draft-nystrom-eap-potp-04.txt
X-BeenThere: secmech@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: magnus@rsasecurity.com
List-Id: Security mechanisms BOF <secmech.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/secmech>
List-Post: <mailto:secmech@lists.ietf.org>
List-Help: <mailto:secmech-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=subscribe>
Sender: secmech-bounces@lists.ietf.org
Errors-To: secmech-bounces@lists.ietf.org
Dear All, Internet-Drafts@ietf.org wrote: > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > Title : The Protected One-Time Password Protocol > (EAP-POTP) > Author(s) : M. Nystrom > Filename : draft-nystrom-eap-potp-04.txt > Pages : 84 > Date : 2005-12-2 > This document describes a general EAP method suitable for use with > One-Time Password (OTP) tokens, and offers particular advantages for > tokens with direct electronic interfaces to their associated clients. > The method can be used to provide unilateral or mutual authentication, > and key material, in protocols utilizing EAP, such as PPP, IEEE 802.1X > and IKEv2. > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-nystrom-eap-potp-04.txt Changes compared to version -03 besides editorial clarifications and corrections include: - Derivation of a special session resumption key (SRK) at the same time as derivation of other keys such as the EMSK and the MSK. This avoids some issues identified with the use of the EMSK as a basis for the SRK. - Parameterization of the hash, encryption, and MAC algorithms through a new "Crypto Algorithm TLV". This is to allow for a transition to other algorithms in the future, should the default (mandated) set be regarded as inappropriate. - Addition of a "Challenge TLV" for those cases where the challenge used in a challenge-response method otherwise would be unknown to the EAP server. I would also like to point out that static passwords may be used with this EAP method too. -- Magnus _______________________________________________ SECMECH mailing list SECMECH@lists.ietf.org https://www1.ietf.org/mailman/listinfo/secmech
- [SECMECH] Re: I-D ACTION:draft-nystrom-eap-potp-0… Magnus Nyström