[TLS] Fwd: I-D Action:draft-nir-tls-eap-02.txt
Yoav Nir <ynir@checkpoint.com> Sun, 14 October 2007 15:15 UTC
Cc: Yaron Sheffer <yaronf@checkpoint.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Hi all.

We've published the -02 iteration of the TEE draft. The aim is to leverage EAP-using infrastructure such as RADIUS and DIAMETER servers for the authentication of TLS sessions.

Following comments expressed about version -01, we've added some text that explains why the EAP exchange needs to be integrated into the TLS handshake rather than be part of the application.

Comments are welcome.

Begin forwarded message:

> From: Internet-Drafts@ietf.org
> Date: October 14, 2007 4:00:02 PM IST
> To: i-d-announce@ietf.org
> Subject: I-D Action:draft-nir-tls-eap-02.txt
> Reply-To: internet-drafts@ietf.org
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
> Title     : TLS using EAP Authentication
> Author(s) : Y. Nir, et al.
> Filename  : draft-nir-tls-eap-02.txt
> Pages     : 19
> Date      : 2007-10-14
>
> This document describes an extension to the TLS protocol to allow TLS
> clients to authenticate with legacy credentials using the Extensible
> Authentication Protocol (EAP).
>
> This work follows the example of IKEv2, where EAP has been added to
> the IKEv2 protocol to allow clients to use different credentials such
> as passwords, token cards, and shared secrets.
>
> When TLS is used with EAP, additional records are sent after the
> ChangeCipherSpec protocol message and before the Finished message,
> effectively creating an extended handshake before the application
> layer data can be sent. Each EapMsg handshake record contains
> exactly one EAP message. Using EAP for client authentication allows
> TLS to be used with various AAA back-end servers, such as RADIUS or
> Diameter.
>
> TLS with EAP may be used for securing a data connection such as HTTP
> or POP3. We believe it has three main benefits:
> o The ability of EAP to work with backend servers can remove that
>   burden from the application layer.
> o Moving the user authentication into the TLS handshake protects the
>   presumably less secure application layer from attacks by
>   unauthenticated parties.
> o Using mutual authentication methods within EAP can help thwart
>   certain classes of phishing attacks.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-nir-tls-eap-02.txt
>
> To remove yourself from the I-D Announcement list, send a message to
> i-d-announce-request@ietf.org with the word unsubscribe in the body of
> the message.
> You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
> to change your subscription settings.
>
> Internet-Drafts are also available by anonymous FTP. Login with the
> username "anonymous" and a password of your e-mail address. After
> logging in, type "cd internet-drafts" and then
> "get draft-nir-tls-eap-02.txt".
>
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
> Internet-Drafts can also be obtained by e-mail.
>
> Send a message to:
> mailserv@ietf.org.
> In the body type:
> "FILE /internet-drafts/draft-nir-tls-eap-02.txt".
>
> NOTE: The mail server at ietf.org can return the document in
> MIME-encoded form by using the "mpack" utility. To use this
> feature, insert the command "ENCODING mime" before the "FILE"
> command. To decode the response(s), you will need "munpack" or
> a MIME-compliant mail reader. Different MIME-compliant mail readers
> exhibit different behavior, especially when dealing with
> "multipart" MIME messages (i.e. documents which have been split
> up into multiple messages), so check your local documentation on
> how to manipulate these messages.
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
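The abstract's rule that each EapMsg handshake record contains exactly one EAP message, as an added example that is not code from the draft or its authors: a strict receiver-side parser that rejects a record whose body is not precisely one EAP packet. The handshake type value `0xEE` and the assumption that the body is the bare EAP packet with no extra framing are hypothetical; the EAP header layout and codes are those of RFC 3748.

```python
import struct

# Hypothetical placeholder: the page does not give the EapMsg handshake type.
EAPMSG_TYPE = 0xEE
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748


class EapMsgError(ValueError):
    """Raised when a handshake message is not exactly one valid EAP packet."""


def wrap(eap: bytes) -> bytes:
    """Frame an EAP packet as a TLS handshake message: type(1) + length(3)."""
    return bytes([EAPMSG_TYPE]) + len(eap).to_bytes(3, "big") + eap


def parse_eapmsg(handshake: bytes) -> dict:
    """Validate and parse one EapMsg handshake message."""
    if len(handshake) < 4:
        raise EapMsgError("truncated handshake header")
    body = handshake[4:]
    if handshake[0] != EAPMSG_TYPE:
        raise EapMsgError("not an EapMsg handshake message")
    if int.from_bytes(handshake[1:4], "big") != len(body):
        raise EapMsgError("handshake length does not match body")
    if len(body) < 4:
        raise EapMsgError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if code not in EAP_CODES:
        raise EapMsgError("unknown EAP code")
    # Assumption: the body is the bare EAP packet, so the EAP length field
    # must cover the whole body. Anything else means trailing bytes or a
    # second packet placed in the same record.
    if eap_len != len(body):
        raise EapMsgError("body is not exactly one EAP message")
    is_exchange = code in (1, 2)
    if is_exchange and eap_len < 5:
        raise EapMsgError("Request/Response without a Type octet")
    if not is_exchange and eap_len != 4:
        raise EapMsgError("Success/Failure must carry no data")
    return {"code": EAP_CODES[code], "id": ident,
            "method": body[4] if is_exchange else None, "data": body[5:]}


# Constructed samples: EAP-Request/Identity, and the same with a Success appended.
IDENTITY_REQ = bytes.fromhex("0101000501")
TWO_PACKETS = IDENTITY_REQ + bytes.fromhex("03010004")
```

Checking the EAP length against the handshake length keeps a peer from appending an unauthenticated EAP-Success behind a legitimate packet in the same record.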