Secure Frame (SFrame)
draft-omara-sframe-03
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
| 2022-03-21 | 03 | (System) | Document has expired |
| 2021-11-01 | 03 | Martin Thomson | IETF WG state changed to Call For Adoption By WG Issued |
| 2021-11-01 | 03 | Martin Thomson | Notification list changed to none |
| 2021-11-01 | 03 | Martin Thomson | Changed group to Secure Media Frames (SFRAME) |
| 2021-11-01 | 03 | Martin Thomson | Changed stream to IETF |
| 2021-09-17 | 03 | Emad Omara | New version available: draft-omara-sframe-03.txt |
| 2021-09-17 | 03 | (System) | Forced post of submission |
| 2021-08-16 | 03 | (System) | Request for posting confirmation emailed to previous authors: Alex Gouaillard, Emad Omara, Justin Uberti, Sergio Murillo |
| 2021-08-16 | 03 | Emad Omara | Uploaded new revision |
| 2021-03-29 | 02 | Justin Uberti | New version available: draft-omara-sframe-02.txt |
| 2021-03-29 | 02 | (System) | New version approved |
| 2021-03-29 | 02 | (System) | …, Sergio Murillo |
| 2021-03-29 | 02 | Justin Uberti | Uploaded new revision |
| 2020-11-16 | 01 | Martin Thomson | Added to session: IETF-109: sframe Tue-1600 |
| 2020-11-16 | 01 | Emad Omara | New version available: draft-omara-sframe-01.txt |
| 2020-11-16 | 01 | (System) | New version accepted (logged-in submitter: Emad Omara) |
| 2020-11-16 | 01 | Emad Omara | Uploaded new revision |
| 2020-07-26 | 00 | Ben Campbell | Added to session: IETF-108: dispatch Mon-1100 |
| 2020-05-19 | 00 | Emad Omara | New version available: draft-omara-sframe-00.txt |
| 2020-05-19 | 00 | (System) | New version approved |
| 2020-05-19 | 00 | Emad Omara | Request for posting confirmation emailed to submitter and authors: Emad Omara, Justin Uberti, Sergio Murillo, Alexandre Gouaillard |
| 2020-05-19 | 00 | Emad Omara | Uploaded new revision |