Title: EAP-TLS-PSK draft-otto-emu-eap-tls-psk-00.txt
1 EAP-TLS-PSK draft-otto-emu-eap-tls-psk-00.txt
- Thomas Otto
- Hannes Tschofenig
- IETF 66th, July 2006, EMU Working Group
2 Motivation for EAP-TLS-PSK
- December 2005: Publication of RFC 4279 (TLS Pre-Shared Key Ciphersuites)
- EAP-TLSbis will be backward compatible and only support certificate-based ciphersuites
- Pre-shared key based authentication performs very well and is well suited to constrained environments
- => There is a need for an EAP method that supports the TLS ciphersuites of RFC 4279
3 Ciphersuites of RFC 4279
- RFC 4279 specifies three ciphersuites
  - PSK
    - Mutual authentication based on a pre-shared key, using symmetric cryptography only
  - DHE_PSK
    - Uses the pre-shared key to authenticate an ephemeral Diffie-Hellman key exchange
  - RSA_PSK
    - Authenticates the server based on a certificate and the client based on the pre-shared key
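Added example (not from the slides or the draft): how the pre-shared key enters the TLS premaster secret in each of the three key exchanges listed above. It goes beyond the slide text by using the premaster secret layout defined in RFC 4279; the function names, the sample PSK and the toy Diffie-Hellman group are assumptions made for illustration.

```python
import struct

def _join(other_secret: bytes, psk: bytes) -> bytes:
    """RFC 4279 premaster layout: uint16 len | other_secret | uint16 len | PSK."""
    # Rejecting an empty PSK is this example's choice, not an RFC requirement.
    if not psk or len(psk) > 0xFFFF or len(other_secret) > 0xFFFF:
        raise ValueError("PSK empty or field longer than 65535 octets")
    return (struct.pack("!H", len(other_secret)) + other_secret
            + struct.pack("!H", len(psk)) + psk)

def psk_premaster(psk: bytes) -> bytes:
    # Plain PSK: other_secret is len(PSK) zero octets, so all entropy is the PSK.
    return _join(bytes(len(psk)), psk)

def dhe_psk_premaster(peer_public: int, own_private: int, p: int, psk: bytes) -> bytes:
    # DHE_PSK: other_secret is the DH shared value Z, leading zero octets stripped.
    if not 1 < peer_public < p - 1:
        raise ValueError("degenerate Diffie-Hellman public value")
    z = pow(peer_public, own_private, p)
    return _join(z.to_bytes((z.bit_length() + 7) // 8, "big"), psk)

def rsa_psk_premaster(version: bytes, random46: bytes, psk: bytes) -> bytes:
    # RSA_PSK: other_secret is the 48 octets the client sent RSA-encrypted
    # (2-octet protocol version followed by 46 random octets).
    if len(version) != 2 or len(random46) != 46:
        raise ValueError("expected 2-octet version and 46 random octets")
    return _join(version + random46, psk)

# Constructed sample values; the DH group (p=23, g=5) is a toy for illustration.
PSK = bytes.fromhex("01020304")
P, G = 23, 5
CLIENT_PRIV, SERVER_PRIV = 6, 15

if __name__ == "__main__":
    client_pub, server_pub = pow(G, CLIENT_PRIV, P), pow(G, SERVER_PRIV, P)
    print("PSK    ", psk_premaster(PSK).hex())
    print("DHE_PSK", dhe_psk_premaster(server_pub, CLIENT_PRIV, P, PSK).hex())
    print("RSA_PSK", rsa_psk_premaster(b"\x03\x01", bytes(46), PSK).hex())
```

With plain PSK the premaster secret depends on the pre-shared key alone; with DHE_PSK and RSA_PSK a second, per-session secret is mixed in ahead of it.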
4 EAP-TLS-PSK message flow
EAP peer                                EAP server
  <- EAP-Request/Identity
  -> EAP-Response/Identity (MyID)
  <- EAP-Request/Type=EAP-TLS-PSK (TLS Start)
  -> EAP-Response/Type=EAP-TLS-PSK (ClientHello)
  <- EAP-Request/Type=EAP-TLS-PSK (ServerHello, Certificate, ServerKeyExchange, ServerHelloDone)
  -> EAP-Response/Type=EAP-TLS-PSK (ClientKeyExchange, ChangeCipherSpec, Finished)
  <- EAP-Request/Type=EAP-TLS-PSK (ChangeCipherSpec, Finished)
  -> EAP-Response/Type=EAP-TLS-PSK ()
  <- EAP-Success
5 Questions?