Eap method update emu
1 / 11

EAP Method Update (EMU) - PowerPoint PPT Presentation

  • Uploaded on

EAP Method Update (EMU). Chairs Joseph Salowey ( jsalowey@cisco.com ) Alan DeKok ( aland@freeradius.org ). Note Well.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'EAP Method Update (EMU)' - aizza

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Eap method update emu

EAP Method Update(EMU)


Joseph Salowey (jsalowey@cisco.com)

Alan DeKok ( aland@freeradius.org )

Note well
Note Well

Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF Contribution". Such statements include oral statements in IETF sessions, as well as written and electronic communications made at any time or place, which are addressed to:

  • The IETF plenary session

  • The IESG, or any member thereof on behalf of the IESG

  • Any IETF mailing list, including the IETF list itself, any working group or design team list, or any other list functioning under IETF auspices

  • Any IETF working group or portion thereof

  • The IAB or any member thereof on behalf of the IAB

  • The RFC Editor or the Internet-Drafts function

    All IETF Contributions are subject to the rules of RFC 5378 and RFC 3979 (updated by RFC 4879).

    Statements made outside of an IETF session, mailing list or other function, that are clearly not intended to be input to an IETF activity, group or function, are not IETF Contributions in the context of this notice.

    Please consult RFC 5378 and RFC 3979 for details.

    A participant in any IETF activity is deemed to accept all IETF rules of process, as documented in Best Current Practices RFCs and IESG Statements.

    A participant in any IETF activity acknowledges that written, audio and video records of meetings may be made and may be available to the public.


  • Administrivia (5 min)

  • Tunnel Requirements (10 min)

    • draft-ietf-emu-eaptunnel-req-04.txt

  • Channel Binding - (30 min)

    • draft-ietf-emu-chbind-04.txt

  • ITU-T X.1034 Liaison Statement - (15 min)

    • https://datatracker.ietf.org/liaison/598/

  • Unauthenticated Emergency Service - (15 Min)

    • http://tools.ietf.org/id/draft-schulzrinne-ecrit-unauthenticated-access-06.txt

  • EAP Session Policy - (15 min)

    • draft-mccann-session-policy-framework-using-eap-00.txt

  • Biometric Authentication (EAP-BIO) - (15 min)

    • draft-urien-kiennert-emu-bio-00.txt

Tunnel requirements
Tunnel Requirements

  • -04 addresses last call comments

  • Set of comments from Alan DeKok on 10/27

    • Many Editorial Issues

    • Katrin Responded to most on the list

Mandatory attribute issue
Mandatory Attribute Issue

4.3.3. Mandatory and Optional Attributes

The payload MUST support marking of mandatory and optional attributes, as well as a "NAK" attribute used to communicate disagreements about received attributes.

Mandatory attributes are attributes that a receiver MUST process as per the specification. Optional attributes are attributes that a receiver MAY ignore.

A receiver MUST process mandatory attributes before optional ones. After an attribute has been processed, it SHOULD be marked as no longer being mandatory. If a receiver does not process a mandatory attribute, it MUST ignore everything else in a request, and it MUST send a NAK attribute in response. Similarly, if a receiver expects a mandatory attribute and does not receive one in a request, it MUST send a NAK attribute in the response that contains the set of attributes it expected to receive.

A peer that either sends or receives a NAK attribute MUST treat the session as failing authentication.

The NAK attribute MUST support a description of which mandatory attribute is either required, or is not supported. The NAK attribute MUST be otherwise treated as an optional attribute, and it MUST NOT contain a NAK of the NAK attribute, in order to prevent infinite recursion.

Next steps
Next Steps

  • Revise Draft to address comments

  • Last look by working group

  • Send to IESG!

Itu t x 1034 liaison statement
ITU-T X.1034 Liaison Statement

  • https://datatracker.ietf.org/liaison/598/

  • “Draft revised Recommendation ITU-T X.1034, Guideline on extensible authentication protocol based authentication and key management in a data communication network”

  • Need some reviewers