Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs
RFC 4017
Document Type RFC - Informational (March 2005; No errata)
Was draft-walker-ieee802-req (individual in int area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4017 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Margaret Cullen
Send notices to (None)
Email authors IPR References Referenced by Nits 
Network Working Group                                         D. Stanley
Request for Comments: 4017                                 Agere Systems
Category: Informational                                        J. Walker
                                                       Intel Corporation
                                                                B. Aboba
                                                   Microsoft Corporation
                                                              March 2005

      Extensible Authentication Protocol (EAP) Method Requirements
                           for Wireless LANs

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   The IEEE 802.11i MAC Security Enhancements Amendment makes use of
   IEEE 802.1X, which in turn relies on the Extensible Authentication
   Protocol (EAP).  This document defines requirements for EAP methods
   used in IEEE 802.11 wireless LAN deployments.  The material in this
   document has been approved by IEEE 802.11 and is being presented as
   an IETF RFC for informational purposes.

Table of Contents

   1.  Introduction .................................................  2
       1.1.  Requirements Specification .............................  2
       1.2.  Terminology ............................................  2
   2.  Method Requirements ..........................................  3
       2.1.  Credential Types .......................................  3
       2.2.  Mandatory Requirements .................................  4
       2.3.  Recommended Requirements ...............................  5
       2.4.  Optional Features ......................................  5
       2.5.  Non-compliant EAP Authentication Methods ...............  5
   3.  Security Considerations ......................................  6
   4.  References ...................................................  8
   Acknowledgments ..................................................  9
   Authors' Addresses ............................................... 10
   Full Copyright Statement ......................................... 11

Stanley, et al.              Informational                      [Page 1]
RFC 4017       EAP Method Requirements for Wireless LANs      March 2005

1.  Introduction

   The IEEE 802.11i MAC Security Enhancements Amendment [IEEE802.11i]
   makes use of IEEE 802.1X [IEEE802.1X], which in turn relies on the
   Extensible Authentication Protocol (EAP), defined in [RFC3748].

   Today, deployments of IEEE 802.11 wireless LANs are based on EAP and
   use several EAP methods, including EAP-TLS [RFC2716], EAP-TTLS
   [TTLS], PEAP [PEAP], and EAP-SIM [EAPSIM].  These methods support
   authentication credentials that include digital certificates, user-
   names and passwords, secure tokens, and SIM secrets.

   This document defines requirements for EAP methods used in IEEE
   802.11 wireless LAN deployments.  EAP methods claiming conformance to
   the IEEE 802.11 EAP method requirements for wireless LANs must
   complete IETF last call review.

1.1.  Requirements Specification

   In this document, several words are used to signify the requirements
   of the specification.  The key words "MUST", "MUST NOT", "REQUIRED",
   "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
   and "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

   An EAP authentication method is not compliant with this specification
   if it fails to satisfy one or more of the MUST or MUST NOT
   requirements.  An EAP authentication method that satisfies all the
   MUST, MUST NOT, SHOULD, and SHOULD NOT requirements is said to be
   "unconditionally compliant"; one that satisfies all the MUST and MUST
   NOT requirements but not all the SHOULD or SHOULD NOT requirements is
   said to be "conditionally compliant".

1.2.  Terminology

   authenticator
      The end of the link initiating EAP authentication.  The term
      authenticator is used in [IEEE802.1X], and authenticator has the
      same meaning in this document.

   peer
      The end of the link that responds to the authenticator.  In
      [IEEE802.1X], this end is known as the supplicant.

   Supplicant
      The end of the link that responds to the authenticator in
      [IEEE802.1X].

Stanley, et al.              Informational                      [Page 2]
RFC 4017       EAP Method Requirements for Wireless LANs      March 2005

   backend authentication server
      A backend authentication server is an entity that provides an
      authentication service to an authenticator.  When used, this
      server typically executes EAP methods for the authenticator.  This
      terminology is also used in [IEEE802.1X].

   EAP server
      The entity that terminates the EAP authentication method with the
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools