Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs
RFC 4017
Field | Value |
---|---|
Document type | RFC - Informational (March 2005; No errata). Was draft-walker-ieee802-req (individual in int area) |
Authors | Dorothy Stanley, Jesse Walker, Bernard Aboba |
Last updated | 2013-03-02 |
Stream | IETF |
WG state | (None) |
Document shepherd | No shepherd assigned |
IESG state | RFC 4017 (Informational) |
Consensus Boilerplate | Unknown |
Telechat date | |
Responsible AD | Margaret Cullen |
Send notices to | (None) |
Network Working Group
Request for Comments: 4017
Category: Informational

D. Stanley, Agere Systems
J. Walker, Intel Corporation
B. Aboba, Microsoft Corporation
March 2005

Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs

Status of this Memo

   This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   The IEEE 802.11i MAC Security Enhancements Amendment makes use of IEEE 802.1X, which in turn relies on the Extensible Authentication Protocol (EAP). This document defines requirements for EAP methods used in IEEE 802.11 wireless LAN deployments. The material in this document has been approved by IEEE 802.11 and is being presented as an IETF RFC for informational purposes.

Table of Contents

   1. Introduction
      1.1. Requirements Specification
      1.2. Terminology
   2. Method Requirements
      2.1. Credential Types
      2.2. Mandatory Requirements
      2.3. Recommended Requirements
      2.4. Optional Features
      2.5. Non-compliant EAP Authentication Methods
   3. Security Considerations
   4. References
   Acknowledgments
   Authors' Addresses
   Full Copyright Statement

Stanley, et al. Informational [Page 1]
RFC 4017 EAP Method Requirements for Wireless LANs March 2005

1. Introduction

   The IEEE 802.11i MAC Security Enhancements Amendment [IEEE802.11i] makes use of IEEE 802.1X [IEEE802.1X], which in turn relies on the Extensible Authentication Protocol (EAP), defined in [RFC3748].

   Today, deployments of IEEE 802.11 wireless LANs are based on EAP and use several EAP methods, including EAP-TLS [RFC2716], EAP-TTLS [TTLS], PEAP [PEAP], and EAP-SIM [EAPSIM]. These methods support authentication credentials that include digital certificates, user-names and passwords, secure tokens, and SIM secrets.

   This document defines requirements for EAP methods used in IEEE 802.11 wireless LAN deployments. EAP methods claiming conformance to the IEEE 802.11 EAP method requirements for wireless LANs must complete IETF last call review.

1.1. Requirements Specification

   In this document, several words are used to signify the requirements of the specification. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

   An EAP authentication method is not compliant with this specification if it fails to satisfy one or more of the MUST or MUST NOT requirements. An EAP authentication method that satisfies all the MUST, MUST NOT, SHOULD, and SHOULD NOT requirements is said to be "unconditionally compliant"; one that satisfies all the MUST and MUST NOT requirements but not all the SHOULD or SHOULD NOT requirements is said to be "conditionally compliant".

1.2. Terminology

   authenticator
      The end of the link initiating EAP authentication. The term authenticator is used in [IEEE802.1X], and authenticator has the same meaning in this document.

   peer
      The end of the link that responds to the authenticator. In [IEEE802.1X], this end is known as the supplicant.

   Supplicant
      The end of the link that responds to the authenticator in [IEEE802.1X].

   backend authentication server
      A backend authentication server is an entity that provides an authentication service to an authenticator. When used, this server typically executes EAP methods for the authenticator. This terminology is also used in [IEEE802.1X].

   EAP server
      The entity that terminates the EAP authentication method with the