thomas otto hannes tschofenig ietf 66th july 2006 emu working group n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
EAP-TLS-PSK draft-otto-emu-eap-tls-psk-00.txt PowerPoint Presentation
Download Presentation
EAP-TLS-PSK draft-otto-emu-eap-tls-psk-00.txt

Loading in 2 Seconds...

play fullscreen
1 / 5

EAP-TLS-PSK draft-otto-emu-eap-tls-psk-00.txt - PowerPoint PPT Presentation


  • 145 Views
  • Uploaded on

Thomas Otto Hannes Tschofenig IETF 66th, July 2006, EMU Working Group. EAP-TLS-PSK draft-otto-emu-eap-tls-psk-00.txt. Motivation for EAP-TLS-PSK. December 2005: Publication of RFC 4279 (TLS Pre-Shared Key Ciphersuites)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'EAP-TLS-PSK draft-otto-emu-eap-tls-psk-00.txt' - azriel


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
thomas otto hannes tschofenig ietf 66th july 2006 emu working group
Thomas Otto

Hannes Tschofenig

IETF 66th, July 2006, EMU Working Group

EAP-TLS-PSKdraft-otto-emu-eap-tls-psk-00.txt
motivation for eap tls psk
Motivation for EAP-TLS-PSK
  • December 2005: Publication of RFC 4279 (TLS Pre-Shared Key Ciphersuites)
  • EAP-TLSbis will be backward compatible and only support certificate-based ciphersuites
  • Pre-shared key based authentication is very performant and highly appreciable for constrained environments
  • => There is need for an EAP method that supports the TLS ciphersuites of RFC 4279
ciphersuites of rfc 4279
Ciphersuites of RFC 4279
  • RFC 4279 specifies three ciphersuites
  • PSK
    • Mutual authentication based on a pre-shared key using symmetric cryptography only
  • DHE_PSK
    • Use the pre-shared key to authenticate an ephemeral Diffie-Hellman key exchange
  • RSA_PSK
    • Authenticate the server certificate-based and the client pre-shared key based
eap tls psk message flow
EAP-TLS-PSK message flow

EAP

peer

EAP

server

EAP-Request/Identity

EAP-Response/Identity (MyID)

EAP-Request/Type=EAP-TLS-PSK (TLS Start)

EAP-Response/Type=EAP-TLS-PSK

(ClientHello)

EAP-Request/Type=EAP-TLS-PSK

(ServerHello, [Certificate,]

[ServerKeyExchange,] ServerHelloDone)

EAP-Response/Type=EAP-TLS-PSK

(ClientKeyExchange, ChangeCipherSpec, Finished)

EAP-Request/Type=EAP-TLS-PSK

(ChangeCipherSpec, Finished)

EAP-Response/Type=EAP-TLS-PSK()

EAP-Success