Secure Frame (SFrame)
draft-omara-sframe-03

Document history

Date        Rev.  By              Action
2022-03-21  03    (System)        Document has expired
2021-11-01  03    Martin Thomson  IETF WG state changed to Call For Adoption By WG Issued
2021-11-01  03    Martin Thomson  Notification list changed to none
2021-11-01  03    Martin Thomson  Changed group to Secure Media Frames (SFRAME)
2021-11-01  03    Martin Thomson  Changed stream to IETF
2021-09-17  03    Emad Omara      New version available: draft-omara-sframe-03.txt
2021-09-17  03    (System)        Forced post of submission
2021-08-16  03    (System)        Request for posting confirmation emailed to previous authors: Alex Gouaillard, Emad Omara, Justin Uberti, Sergio Murillo
2021-08-16  03    Emad Omara      Uploaded new revision
2021-03-29  02    Justin Uberti   New version available: draft-omara-sframe-02.txt
2021-03-29  02    (System)        New version approved
2021-03-29  02    (System)        …, Sergio Murillo
2021-03-29  02    Justin Uberti   Uploaded new revision
2020-11-16  01    Martin Thomson  Added to session: IETF-109: sframe  Tue-1600
2020-11-16  01    Emad Omara      New version available: draft-omara-sframe-01.txt
2020-11-16  01    (System)        New version accepted (logged-in submitter: Emad Omara)
2020-11-16  01    Emad Omara      Uploaded new revision
2020-07-26  00    Ben Campbell    Added to session: IETF-108: dispatch  Mon-1100
2020-05-19  00    Emad Omara      New version available: draft-omara-sframe-00.txt
2020-05-19  00    (System)        New version approved
2020-05-19  00    Emad Omara      Request for posting confirmation emailed to submitter and authors: Emad Omara, Justin Uberti, Sergio Murillo, Alexandre Gouaillard
2020-05-19  00    Emad Omara      Uploaded new revision

EMU Working Group                                                H. Zhou
Internet-Draft                                            N. Cam-Winget
Intended status: Standards Track                              J. Salowey
Expires: January 16, 2014                                  Cisco Systems
                                                                S. Hanna
                                                        Juniper Networks
                                                          July 15, 2013

                  Tunnel EAP Method (TEAP) Version 1
                draft-ietf-emu-eap-tunnel-method-07.txt

Abstract

  This document defines the Tunnel Extensible Authentication Protocol
  (TEAP) version 1.  TEAP is a tunnel based EAP method that enables
  secure communication between a peer and a server by using the
  Transport Layer Security (TLS) protocol to establish a mutually
  authenticated tunnel.  Within the tunnel, Type-Length-Value (TLV)
  objects are used to convey authentication related data between the
  EAP peer and the EAP server.

Status of This Memo

  This Internet-Draft is submitted in full conformance with the
  provisions of BCP 78 and BCP 79.

  Internet-Drafts are working documents of the Internet Engineering
  Task Force (IETF).  Note that other groups may also distribute
  working documents as Internet-Drafts.  The list of current Internet-
  Drafts is at http://datatracker.ietf.org/drafts/current/.

  Internet-Drafts are draft documents valid for a maximum of six months
  and may be updated, replaced, or obsoleted by other documents at any
  time.  It is inappropriate to use Internet-Drafts as reference
  material or to cite them other than as "work in progress."

  This Internet-Draft will expire on January 16, 2014.

Copyright Notice

  Copyright (c) 2013 IETF Trust and the persons identified as the
  document authors.  All rights reserved.

  This document is subject to BCP 78 and the IETF Trust's Legal
  Provisions Relating to IETF Documents
  (http://trustee.ietf.org/license-info) in effect on the date of
  publication of this document.  Please review these documents

Zhou, et al.            Expires January 16, 2014                [Page 1]
Internet-Draft                    TEAP                        July 2013

  carefully, as they describe your rights and restrictions with respect
  to this document.  Code Components extracted from this document must
  include Simplified BSD License text as described in Section 4.e of
  the Trust Legal Provisions and are provided without warranty as
  described in the Simplified BSD License.

Table of Contents

  1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .  6
    1.1.  Specification Requirements  . . . . . . . . . . . . . . .  6
    1.2.  Terminology . . . . . . . . . . . . . . . . . . . . . . .  6
  2.  Protocol Overview . . . . . . . . . . . . . . . . . . . . . .  7
    2.1.  Architectural Model . . . . . . . . . . . . . . . . . . .  7
    2.2.  Protocol Layering Model . . . . . . . . . . . . . . . . .  8
  3.  TEAP Protocol . . . . . . . . . . . . . . . . . . . . . . . .  9
    3.1.  Version Negotiation . . . . . . . . . . . . . . . . . . .  9
    3.2.  TEAP Authentication Phase 1: Tunnel Establishment . . . .  10
      3.2.1.  TLS Session Resume Using Server State . . . . . . . .  12
      3.2.2.  TLS Session Resume Using a PAC  . . . . . . . . . . .  12
      3.2.3.  Transition between Abbreviated and Full TLS
              Handshake . . . . . . . . . . . . . . . . . . . . . .  14
    3.3.  TEAP Authentication Phase 2: Tunneled Authentication  . .  14
      3.3.1.  EAP Sequences . . . . . . . . . . . . . . . . . . . .  15
      3.3.2.  Optional Password Authentication  . . . . . . . . . .  15
      3.3.3.  Protected Termination and Acknowledged Result
              Indication  . . . . . . . . . . . . . . . . . . . . .  16
    3.4.  Determining Peer-Id and Server-Id . . . . . . . . . . . .  17
    3.5.  TEAP Session Identifier . . . . . . . . . . . . . . . . .  17
    3.6.  Error Handling  . . . . . . . . . . . . . . . . . . . . .  18
      3.6.1.  Outer Layer Errors  . . . . . . . . . . . . . . . . .  18
      3.6.2.  TLS Layer Errors  . . . . . . . . . . . . . . . . . .  19
      3.6.3.  Phase 2 Errors  . . . . . . . . . . . . . . . . . . .  19
    3.7.  Fragmentation . . . . . . . . . . . . . . . . . . . . . .  20
    3.8.  Peer Services . . . . . . . . . . . . . . . . . . . . . .  21
      3.8.1.  PAC Provisioning  . . . . . . . . . . . . . . . . . .  22
      3.8.2.  Certificate Provisioning Within the Tunnel  . . . . .  22
      3.8.3.  Server Unauthenticated Provisioning Mode  . . . . . .  23
      3.8.4.  Channel Binding . . . . . . . . . . . . . . . . . . .  24
  4.  Message Formats . . . . . . . . . . . . . . . . . . . . . . .  24
    4.1.  TEAP Message Format . . . . . . . . . . . . . . . . . . .  24
    4.2.  TEAP TLV Format and Support . . . . . . . . . . . . . . .  27
      4.2.1.  General TLV Format  . . . . . . . . . . . . . . . . .  28
      4.2.2.  Authority-ID TLV  . . . . . . . . . . . . . . . . . .  30
      4.2.3.  Identity-Type TLV . . . . . . . . . . . . . . . . . .  31
      4.2.4.  Result TLV  . . . . . . . . . . . . . . . . . . . . .  32
      4.2.5.  NAK TLV . . . . . . . . . . . . . . . . . . . . . . .  33
      4.2.6.  Error TLV . . . . . . . . . . . . . . . . . . . . . .  35
      4.2.7.  Channel-Binding TLV . . . . . . . . . . . . . . . . .  36
      4.2.8.  Vendor-Specific TLV . . . . . . . . . . . . . . . . .  37
      4.2.9.  Request-Action TLV  . . . . . . . . . . . . . . . . .  38
      4.2.10. EAP-Payload TLV . . . . . . . . . . . . . . . . . . .  40
      4.2.11. Intermediate-Result TLV . . . . . . . . . . . . . . .  42
      4.2.12. PAC TLV Format  . . . . . . . . . . . . . . . . . . .  43
        4.2.12.1.  Formats for PAC Attributes . . . . . . . . . . .  44
        4.2.12.2.  PAC-Key  . . . . . . . . . . . . . . . . . . . .  45
        4.2.12.3.  PAC-Opaque . . . . . . . . . . . . . . . . . . .  45
        4.2.12.4.  PAC-Info . . . . . . . . . . . . . . . . . . . .  46
        4.2.12.5.  PAC-Acknowledgement TLV  . . . . . . . . . . . .  48
        4.2.12.6.  PAC-Type TLV . . . . . . . . . . . . . . . . . .  49
      4.2.13. Crypto-Binding TLV  . . . . . . . . . . . . . . . . .  50
      4.2.14. Basic-Password-Auth-Req TLV . . . . . . . . . . . . .  53
      4.2.15. Basic-Password-Auth-Resp TLV  . . . . . . . . . . . .  54
      4.2.16. PKCS#7 TLV  . . . . . . . . . . . . . . . . . . . . .  55
      4.2.17. PKCS#10 TLV . . . . . . . . . . . . . . . . . . . . .  57
      4.2.18. Trusted-Server-Root TLV . . . . . . . . . . . . . . .  57
    4.3.  TLV Rules . . . . . . . . . . . . . . . . . . . . . . . .  59
      4.3.1.  Outer TLVs  . . . . . . . . . . . . . . . . . . . . .  59
      4.3.2.  Inner TLVs  . . . . . . . . . . . . . . . . . . . . .  60
  5.  Cryptographic Calculations  . . . . . . . . . . . . . . . . .  60
    5.1.  TEAP Authentication Phase 1: Key Derivations  . . . . . .  61
    5.2.  Intermediate Compound Key Derivations . . . . . . . . . .  61
    5.3.  Computing the Compound MAC  . . . . . . . . . . . . . . .  63
    5.4.  EAP Master Session Key Generation . . . . . . . . . . . .  64
  6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  64
  7.  Security Considerations . . . . . . . . . . . . . . . . . . .  67
    7.1.  Mutual Authentication and Integrity Protection  . . . . .  68
    7.2.  Method Negotiation  . . . . . . . . . . . . . . . . . . .  68
    7.3.  Separation of Phase 1 and Phase 2 Servers . . . . . . . .  69
    7.4.  Mitigation of Known Vulnerabilities and Protocol
          Deficiencies  . . . . . . . . . . . . . . . . . . . . . .  69
      7.4.1.  User Identity Protection and Verification . . . . . .  70
      7.4.2.  Dictionary Attack Resistance  . . . . . . . . . . . .  71
      7.4.3.  Protection against Man-in-the-Middle Attacks  . . . .  71
      7.4.4.  PAC Binding to User Identity  . . . . . . . . . . . .  72
    7.5.  Protecting against Forged Clear Text EAP Packets  . . . .  72
    7.6.  Server Certificate Validation . . . . . . . . . . . . . .  73
    7.7.  Tunnel PAC Considerations . . . . . . . . . . . . . . . .  73
    7.8.  Security Claims . . . . . . . . . . . . . . . . . . . . .  73
  8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  75
  9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  75
    9.1.  Normative References  . . . . . . . . . . . . . . . . . .  75
    9.2.  Informative References  . . . . . . . . . . . . . . . . .  76
  Appendix A.  Evaluation Against Tunnel Based EAP Method
                Requirements . . . . . . . . . . . . . . . . . . . .  79
    A.1.  Requirement 4.1.1 RFC Compliance  . . . . . . . . . . . .  79
    A.2.  Requirement 4.2.1 TLS Requirements  . . . . . . . . . . .  79
    A.3.  Requirement 4.2.1.1.1 Cipher Suite Negotiation  . . . . .  80
    A.4.  Requirement 4.2.1.1.2 Tunnel Data Protection Algorithms .  80
    A.5.  Requirement 4.2.1.1.3 Tunnel Authentication and Key
          Establishment . . . . . . . . . . . . . . . . . . . . . .  80
    A.6.  Requirement 4.2.1.2 Tunnel Replay Protection  . . . . . .  80
    A.7.  Requirement 4.2.1.3 TLS Extensions  . . . . . . . . . . .  80
    A.8.  Requirement 4.2.1.4 Peer Identity Privacy . . . . . . . .  81
    A.9.  Requirement 4.2.1.5 Session Resumption  . . . . . . . . .  81
    A.10. Requirement 4.2.2 Fragmentation . . . . . . . . . . . . .  81
    A.11. Requirement 4.2.3 Protection of Data External to Tunnel .  81
    A.12. Requirement 4.3.1 Extensible Attribute Types  . . . . . .  81
    A.13. Requirement 4.3.2 Request/Challenge Response Operation  .  81
    A.14. Requirement 4.3.3 Indicating Criticality of Attributes  .  81
    A.15. Requirement 4.3.4 Vendor Specific Support . . . . . . . .  81
    A.16. Requirement 4.3.5 Result Indication . . . . . . . . . . .  82
    A.17. Requirement 4.3.6 Internationalization of Display
          Strings . . . . . . . . . . . . . . . . . . . . . . . . .  82
    A.18. Requirement 4.4 EAP Channel Binding Requirements  . . . .  82
    A.19. Requirement 4.5.1.1 Confidentiality and Integrity . . . .  82
    A.20. Requirement 4.5.1.2 Authentication of Server  . . . . . .  82
    A.21. Requirement 4.5.1.3 Server Certificate Revocation
          Checking  . . . . . . . . . . . . . . . . . . . . . . . .  82
    A.22. Requirement 4.5.2  Internationalization . . . . . . . . .  82
    A.23. Requirement 4.5.3 Meta-data . . . . . . . . . . . . . . .  82
    A.24. Requirement 4.5.4 Password Change . . . . . . . . . . . .  83
    A.25. Requirement 4.6.1 Method Negotiation  . . . . . . . . . .  83
    A.26. Requirement 4.6.2 Chained Methods . . . . . . . . . . . .  83
    A.27. Requirement 4.6.3 Cryptographic Binding with the TLS
          Tunnel  . . . . . . . . . . . . . . . . . . . . . . . . .  83
    A.28. Requirement 4.6.4 Peer Initiated  . . . . . . . . . . . .  83
    A.29. Requirement 4.6.5 Method Meta-data  . . . . . . . . . . .  83
  Appendix B.  Major Differences from EAP-FAST  . . . . . . . . . .  83
  Appendix C.  Examples . . . . . . . . . . . . . . . . . . . . . .  84
    C.1.  Successful Authentication . . . . . . . . . . . . . . . .  84
    C.2.  Failed Authentication . . . . . . . . . . . . . . . . . .  85
    C.3.  Full TLS Handshake using Certificate-based Cipher Suite .  87
    C.4.  Client authentication during Phase 1 with identity
          privacy . . . . . . . . . . . . . . . . . . . . . . . . .  88
    C.5.  Fragmentation and Reassembly  . . . . . . . . . . . . . .  90
    C.6.  Sequence of EAP Methods . . . . . . . . . . . . . . . . .  92
    C.7.  Failed Crypto-binding . . . . . . . . . . . . . . . . . .  94
    C.8.  Sequence of EAP Method with Vendor-Specific TLV
          Exchange  . . . . . . . . . . . . . . . . . . . . . . . .  95
    C.9.  Peer Requests Inner Method After Server Sends Result
          TLV . . . . . . . . . . . . . . . . . . . . . . . . . . .  97
    C.10. Channel Binding . . . . . . . . . . . . . . . . . . . . .  99
  Appendix D.  Major Differences from Previous Revisions  . . . . . 100
    D.1.  Changes from -06  . . . . . . . . . . . . . . . . . . . . 100
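The TEAP abstract above says that, once the TLS tunnel is up, authentication data is carried as Type-Length-Value objects (the General TLV Format, Result TLV and NAK TLV of section 4.2 in the table of contents). What follows is an added example in Python, not code from the draft or from any TEAP implementation, showing how those TLVs are encoded and parsed and how a receiver is expected to treat a TLV it does not understand: a mandatory one (M bit set) is answered with a NAK TLV that names the offending type, an optional one is skipped. The wire layout (M bit, reserved R bit, 14-bit type, 16-bit length) and the type codes are those published in RFC 7170, the RFC that this draft became; the draft-07 text defining them is not on this page, so treating them as identical is an assumption, and the sample byte strings are constructed for the example rather than captured from a real exchange.

```python
"""TEAP TLV encode/decode with mandatory-bit handling (added example).

Wire layout per RFC 7170 section 4.2.1, assumed to match draft-07:

  |M|R|      TLV Type (14 bits)     |          Length (16 bits)         |
  |                      Value (Length octets) ...                      |
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

# TLV type codes from RFC 7170 section 4.2 (assumed identical in draft-07).
TLV_RESULT = 3
TLV_NAK = 4
TLV_ERROR = 5
TLV_EAP_PAYLOAD = 9
TLV_INTERMEDIATE_RESULT = 10
TLV_CRYPTO_BINDING = 12

RESULT_SUCCESS = 1
RESULT_FAILURE = 2

M_BIT = 0x8000
TYPE_MASK = 0x3FFF            # the R bit (0x4000) is ignored on receipt
HEADER = struct.Struct("!HH")  # flags+type, length (network byte order)


@dataclass(frozen=True)
class TLV:
    mandatory: bool
    tlv_type: int
    value: bytes

    def encode(self) -> bytes:
        if not 0 <= self.tlv_type <= TYPE_MASK:
            raise ValueError("TLV type must fit in 14 bits")
        if len(self.value) > 0xFFFF:
            raise ValueError("TLV value exceeds the 16-bit length field")
        first = (M_BIT if self.mandatory else 0) | self.tlv_type  # R bit stays 0
        return HEADER.pack(first, len(self.value)) + self.value


def decode_tlvs(buf: bytes) -> List[TLV]:
    """Split a TLV sequence.  A header or value that runs past the end of the
    buffer rejects the whole buffer instead of being parsed as far as it goes."""
    tlvs: List[TLV] = []
    off = 0
    while off < len(buf):
        if len(buf) - off < HEADER.size:
            raise ValueError(f"truncated TLV header at offset {off}")
        first, length = HEADER.unpack_from(buf, off)
        off += HEADER.size
        if len(buf) - off < length:
            raise ValueError(f"TLV length {length} overruns buffer at offset {off}")
        tlvs.append(TLV(bool(first & M_BIT), first & TYPE_MASK, buf[off:off + length]))
        off += length
    return tlvs


def is_well_formed(buf: bytes) -> bool:
    try:
        decode_tlvs(buf)
        return True
    except ValueError:
        return False


def result_tlv(status: int) -> TLV:
    """Result TLV: 2-octet Status (1 = Success, 2 = Failure); always mandatory."""
    return TLV(True, TLV_RESULT, struct.pack("!H", status))


def nak_tlv(nak_type: int, vendor_id: int = 0) -> TLV:
    """NAK TLV value: Vendor-Id (4 octets) then NAK-Type (2 octets); no nested TLVs."""
    return TLV(True, TLV_NAK, struct.pack("!IH", vendor_id, nak_type))


KNOWN_TYPES = frozenset({TLV_RESULT, TLV_NAK, TLV_ERROR, TLV_EAP_PAYLOAD,
                         TLV_INTERMEDIATE_RESULT, TLV_CRYPTO_BINDING})


def process_inner(buf: bytes, known=KNOWN_TYPES) -> Optional[TLV]:
    """Receiver rule for the M bit: an unknown TLV with M=1 is answered with a
    NAK TLV naming its type; an unknown TLV with M=0 is skipped.  Returns the
    NAK to send back, or None when every mandatory TLV was understood."""
    for tlv in decode_tlvs(buf):
        if tlv.tlv_type not in known and tlv.mandatory:
            return nak_tlv(tlv.tlv_type)
    return None


# Constructed sample payloads (not captures): a successful Result TLV followed
# by an unknown optional TLV (type 0x2001), and the same sequence with an
# unknown mandatory TLV (type 0x2002) appended.
SAMPLE_OK = result_tlv(RESULT_SUCCESS).encode() + TLV(False, 0x2001, b"\x2a").encode()
SAMPLE_NEEDS_NAK = SAMPLE_OK + TLV(True, 0x2002, b"").encode()

if __name__ == "__main__":
    print("Result(Success):", result_tlv(RESULT_SUCCESS).encode().hex())
    print("unknown optional TLV -> NAK?", process_inner(SAMPLE_OK))
    print("unknown mandatory TLV -> NAK:", process_inner(SAMPLE_NEEDS_NAK).encode().hex())
    print("truncated buffer well-formed?", is_well_formed(SAMPLE_OK[:-1]))
```

The length check in decode_tlvs is the part worth copying: a parser that trusts the 16-bit Length field and slices past the end of the buffer is how malformed inner TLVs turn into out-of-bounds reads in native implementations, so the whole buffer is rejected as soon as one length does not fit.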