-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdraft-mattsson-emu-eap-tls-psk.xml
237 lines (160 loc) · 8.48 KB
/
draft-mattsson-emu-eap-tls-psk.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
<?xml version="1.0" ?>
<?xml-stylesheet type='text/xsl'
href='http://xml.resource.org/authoring/rfc2629.xslt' ?>
<!DOCTYPE rfc SYSTEM 'rfc2629.dtd'[] >
<?rfc compact="yes" ?>
<?rfc iprnotified="yes" ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<rfc category="std" ipr="trust200902" docName="draft-mattsson-emu-eap-tls-psk-latest">
<front>
<title abbrev="EAP-TLS-PSK">EAP-TLS with PSK Authentication (EAP-TLS-PSK)</title>
<author initials="J." surname="Mattsson" fullname="John Preuß Mattsson">
<organization>Ericsson</organization>
<address>
<postal>
<street/>
<city> Stockholm</city>
<code>164 40</code>
<country>Sweden</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<author initials="M" surname="Sethi" fullname="Mohit Sethi">
<organization>Ericsson</organization>
<address>
<postal>
<street/>
<city>Jorvas</city>
<code>02420</code>
<country>Finland</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<author initials="T" surname="Aura" fullname="Tuomas Aura">
<organization>Aalto University</organization>
<address>
<postal>
<street></street>
<city>Aalto</city>
<code>00076</code>
<country>Finland</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<author initials="O" surname="Friel" fullname="Owen Friel">
<organization>Cisco</organization>
<address>
<postal>
<street></street>
<city></city>
<code></code>
<country></country>
</postal>
<email>[email protected]</email>
</address>
</author>
<date />
<workgroup>Network Working Group</workgroup>
<abstract>
<t>
While TLS 1.3 supports authentication with Pre-Shared Key (PSK), EAP-TLS with TLS 1.3 explicitly forbids PSK authentication except when used for resumption. This document specifies a separate EAP method (EAP-TLS-PSK) for use cases that require authentication based on external PSKs.
</t>
</abstract>
</front>
<middle>
<section title='Introduction'>
<t>The Extensible Authentication Protocol (EAP), defined in <xref target="RFC3748"/>, provides a standard mechanism for support of multiple authentication methods. EAP-Transport Layer Security (EAP-TLS) <xref target="RFC5216"/><xref target="I-D.ietf-emu-eap-tls13"/> defines an EAP authentication method with certificate-based mutual authentication and key derivation utilizing the TLS handshake protocol for cryptographic algorithms and protocol version negotiation, mutual authentication, and establishment of shared secret keying material.
</t>
<t>While majority of TLS deployments use certificate-based authentication, earlier version of TLS have supported Pre-Shared Keys (PSK) authention as an optional feature. TLS 1.3 <xref target="RFC8446"/> incorporporats PSK authentication into the main specification as a main authentication method.</t>
<t>TLS version 1.3 <xref target="RFC8446"/> also uses PSKs for resuming previous TLS sessions. The specification distinguishes resumption PSKs from external PSKs that have been provisioned out of band. It also refers to external PSKs as out-of-band PSKs.</t>
<t>EAP-TLS <xref target="RFC5216"/> does not discuss the use of PSKs and EAP-TLS with TLS 1.3 <xref target="I-D.ietf-emu-eap-tls13"/> explicitly forbids the use of external PSKs. Nonetheless, there are examples of EAP-TLS deployments that rely on a PSK for authentication. For example, the Zigbee IP specification discusses the use of EAP-TLS with PSKs.</t>
<t>Although EAP already has an authentication method that supports PSKs (EAP-PSK <xref target="RFC4764"/>), it does not provide properties of forward secrecy or identity protection. Similary, EAP also has EAP-Pwd <xref target="RFC5931"/> for authentication based on user chosen passwords. It however relies on a Password Authenticated Key Exchange (PAKE). There are side-channel vulnerabilities in EAP-Pwd which are now being addressed in <xref target="I-D.harkins-eap-pwd-prime"/>. Implementing all the mitigations against side-channel attacks may not be possible in all environments.</t>
<t>This document therefore specifies EAP-TLS-PSK to allow external PSKs for mutual authentication of the peer and server.</t>
<section title='Requirements and Terminology'>
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED","MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target='RFC2119'/> <xref target='RFC8174'/> when, and only when, they appear in all capitals, as shown here.</t>
<t>Readers are expected to be familiar with the terms and concepts used in EAP-TLS <xref target="RFC5216"/><xref target="I-D.ietf-emu-eap-tls13"/> and TLS 1.3 <xref target="RFC8446"/>.</t>
</section>
</section>
<section title='Protocol Overview'>
<section title='Overview of the EAP-TLS-PSK Conversation'>
<t>This document only lists additional and different requirements, restrictions, and processing compared to <xref target="RFC8446"/> and <xref target="I-D.ietf-emu-eap-tls13"/>.</t>
<t>Compared to EAP-TLS with certificate authentication, EAP-TLS-PSK uses a new Type-Code (TBD).</t>
<t>What should the NAI be (e.g. can it be based on PSK id)? Does the PSK id need to have any specific properties?</t>
<section title='Mutual Authentication'>
<t>The EAP server and EAP peer MUST authenticate with an external PSK. In addition to the PSK, they can also authenticate with a certificate as specified in <xref target="I-D.ietf-tls-tls13-cert-with-extern-psk"/>.</t>
</section>
<section title='Termination'>
</section>
<section title="Hello Retry Request" anchor="helloretry">
</section>
<section title='Ticket Establishment' anchor="ticket">
</section>
<section title="Resumption" anchor="resumption">
</section>
<section title="Privacy" anchor="privacy">
<t>Any additional privacy considerations based on PSK ID?</t>
</section>
<section title='Fragmentation'>
</section>
</section>
<section title='Identity Verification' anchor="identity">
<t>NAI, PSK Identity, Server Identity</t>
</section>
<section title='Key Hierarchy' anchor="keyheirarchy">
<t>The key derivation is performed as defined Section 2.3 of <xref target="I-D.ietf-emu-eap-tls13"/> with the only difference being the new Type-Code.</t>
</section>
<section title='Parameter Negotiation and Compliance Requirements'>
</section>
<section title='EAP State Machines' anchor="state">
</section>
</section>
<section title='IANA considerations'>
<t>This document registers the following item in the "Method Types" registry under the "Extensible Authentication Protocol (EAP) Registry" heading. The 'Reference' field points to this document.</t>
<figure anchor="figiana" title="IANA Method Types" align="center"><artwork><![CDATA[
+-----------+------------------------+
| Value | Description |
+-----------+------------------------+
| TBD | EAP-TLS-PSK |
+-----------+------------------------+
]]></artwork></figure>
</section>
<section title='Security Considerations' anchor="seccon">
<section title="Security Claims">
</section>
<section title="Peer and Server Identities">
</section>
<section title="Authorization" anchor="secauth">
</section>
<section title="Resumption" anchor="secres">
<t></t>
</section>
<section title="Privacy Considerations">
</section>
<section title="Pervasive Monitoring">
</section>
</section>
</middle>
<back>
<references title='Normative References'>
<?rfc include='reference.RFC.2119'?>
<?rfc include='reference.RFC.3748'?>
<?rfc include='reference.RFC.5216'?>
<?rfc include='reference.RFC.8174'?>
<?rfc include='reference.RFC.8446'?>
<?rfc include='reference.I-D.ietf-emu-eap-tls13'?>
</references>
<references title='Informative references'>
<?rfc include='reference.RFC.4764'?>
<?rfc include='reference.I-D.ietf-tls-tls13-cert-with-extern-psk'?>
<?rfc include='reference.RFC.5931'?>
<?rfc include='reference.I-D.harkins-eap-pwd-prime'?>
</references>
<section title="Acknowledgments" numbered="false">
<t>The authors want to thank Elliot Lear, Alan Dekok, and Joe Salowey for their feedback on this document.</t>
</section>
</back>
</rfc>