Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
RFC 4187

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>
Subject: Document Action: 'Extensible Authentication Protocol 
         Method for 3rd Generation Authentication and Key Agreement 
         (EAP-AKA)' to Informational RFC 

The IESG has approved the following document:

- 'Extensible Authentication Protocol Method for 3rd Generation 
   Authentication and Key Agreement (EAP-AKA) '
   <draft-arkko-pppext-eap-aka-16.txt> as an Informational RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Thomas Narten.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-arkko-pppext-eap-aka-16.txt

Technical Summary

This document specifies an Extensible Authentication Protocol (EAP)
mechanism for authentication and session key distribution using the
Authentication and Key Agreement (AKA) mechanism used in the 3rd
generation mobile networks Universal Mobile Telecommunications System
(UMTS) and cdma2000.  AKA is based on symmetric keys, and runs
typically in a Subscriber Identity Module (UMTS Subscriber Identity
Module USIM, or (Removable) User Identity Module (R)UIM), a smart card
like device.

EAP-AKA includes optional identity privacy support, optional result
indications, and an optional fast re-authentication procedure.
 
 
Working Group Summary
 
This document is not the product of an IETF WG; it has been submitted
to the RFC editor as an independent submission. However, 3GPP also
lists this document as one of their dependencies, and they expect some
IETF review of the document.  Per discussions with Stephen Hayes (3GPP
Liaison to IETF), this document has been reviewed by EAP WG for
conformance with EAP, but security properties have not been reviewed.
 
Protocol Quality
 
This spec has been reviewed for the IESG by Thomas Narten. It has also
been reviewed by the EAP WG for conformance with existing EAP
standards.

RFC Editor Note:

Please add the following sentence to the end of the IESG note:

    The IETF has also not reviewed the security of the underlying UMTS
    AKA algorithms.

New section (with additional sentence added):

    The EAP-AKA protocol was developed by 3GPP.  The documentation of
    EAP-AKA is provided as information to the Internet community.  While
    the EAP WG has verified that EAP-AKA is compatible with EAP as
    defined in RFC 3748, no other review has been done, including
    validation of the security claims. The IETF has also not reviewed
    the security of the underlying UMTS AKA algorithms.