Joseph Salowey (jsalowey | 4 Jun 2007 19:26

Liaison statement from IEEE 802.11u on "EAP emergency method"

The liaison statement from the IEEE 802.11u on "EAP emergency Method" is
now available at https://datatracker.ietf.org/public/liaisons.cgi.  

One of the documents on requirements appears to be missing on the
liaison page (the requirements presentation).  I will work on getting
this updated. 

Joe
Bernard Aboba | 5 Jun 2007 20:03

Conclusion of "last look": EAP Network Selection Problem Statement Document

The "last look" has concluded on the EAP Network Selection Problem Statement document, and all comments received have been incorporated in the -08 version of the document, which has been submitted and will be available here:
 
http://www.ietf.org/internet-drafts/draft-ietf-eap-netsel-problem-08.txt
 
At this point, the AD (Mark Townsley) has been requested to initiate final review prior to submitting this document to the IESG for publication as an Informational RFC.
 
 
 
 
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/eap

Archives: http://lists.frascone.com/pipermail/eap
Internet-Drafts | 5 Jun 2007 21:50

I-D ACTION:draft-ietf-eap-netsel-problem-08.txt

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.
This draft is a work item of the Extensible Authentication Protocol Working Group of the IETF.

	Title		: Network Discovery and Selection Problem
	Author(s)	: J. Arkko, et al.
	Filename	: draft-ietf-eap-netsel-problem-08.txt
	Pages		: 40
	Date		: 2007-6-5
	
When multiple access networks are available, users may have
   difficulty in selecting which network to connect to, and how to
   authenticate with that network.  This document defines the network
   discovery and selection problem, dividing it into multiple sub-
   problems.  Some constraints on potential solutions are outlined, and
   the limitations of several solutions (including existing ones) are
   discussed.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-eap-netsel-problem-08.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of 
the message. 
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the 
username "anonymous" and a password of your e-mail address. After 
logging in, type "cd internet-drafts" and then 
"get draft-ietf-eap-netsel-problem-08.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv <at> ietf.org.
In the body type:
	"FILE /internet-drafts/draft-ietf-eap-netsel-problem-08.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
Mahesh Dantakale | 8 Jun 2007 13:06

Identifier Wrap-around

The Identifier is a one-octet field and unique for each EAP-Request.
What happens if the number of Requests exceeds 255 in an EAP-Conversation?

Will the Identifier wrap around to zero after 255?
If yes, then wouldn't EAP regard this as a duplicate packet, as the Identifier field in the new Request packet is less than the previous Request packet?

Thanks and Regards
Mahesh

Pasi.Eronen | 8 Jun 2007 13:13

Re: Identifier Wrap-around

Mahesh Dantakale wrote:
> 
> The Identifier is a one-octet field and unique for each EAP-Request.
> What happens if the number of Requests exceeds 255 in an
> EAP-Conversation?
> 
> Will the Identifier wrap around to zero after 255?  If yes, then
> wouldn't EAP regard this as a duplicate packet, as the Identifier field
> in the new Request packet is less than the previous Request packet?

The identifier doesn't have to be unique for each EAP-Request:

   In order to avoid confusion between new Requests and
   retransmissions, the Identifier value chosen for each new Request
   need only be different from the previous Request, but need not be
   unique within the conversation.

and it's not necessarily even an increasing sequence:

   EAP does not require the Identifier to be monotonically increasing,

So identifier sequence 0,1,0,1,0,1 would be equally acceptable
as 253,254,255,0,1,2 ...

Best regards,
Pasi
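
As an added illustration of the rule quoted in the reply above (example code, not part of the original thread and not taken from any EAP implementation): a peer-side check that treats a Request as a retransmission only when its Identifier equals that of the previous Request, next to the ordering-based check the question assumed. The class and function names and the sample packets are constructed for this example; the packet layout used is the standard EAP header (Code, Identifier, 16-bit Length).

```python
import struct

EAP_REQUEST = 1  # EAP Code value for a Request


def parse_eap_header(packet: bytes):
    """Return (code, identifier, length) from the 4-byte EAP header."""
    if len(packet) < 4:
        raise ValueError("short EAP packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad EAP Length field")
    return code, identifier, length


class PeerRequestTracker:
    """Hypothetical peer state: remembers only the previous Request's Identifier."""

    def __init__(self):
        self.last_id = None

    def classify(self, packet: bytes) -> str:
        code, identifier, _ = parse_eap_header(packet)
        if code != EAP_REQUEST:
            return "ignored"
        if identifier == self.last_id:
            # Same Identifier as the previous Request: a retransmission,
            # so a peer would resend its cached Response.
            return "retransmission"
        # Any different value is a new Request; ordering plays no part,
        # so 255 -> 0 is handled like any other change.
        self.last_id = identifier
        return "new"


def naive_is_duplicate(prev_id, new_id) -> bool:
    """The ordering assumption from the question: not greater means duplicate."""
    return prev_id is not None and new_id <= prev_id


def make_request(identifier: int, eap_type: int = 1, data: bytes = b"") -> bytes:
    """Build a constructed sample Request (Type 1 = Identity)."""
    body = bytes([eap_type]) + data
    return struct.pack("!BBH", EAP_REQUEST, identifier, 4 + len(body)) + body


def run(ids):
    """Classify a sequence of constructed Requests with the given Identifiers."""
    tracker = PeerRequestTracker()
    return [tracker.classify(make_request(i)) for i in ids]
```

With the equality rule, both sequences from the reply (253,254,255,0,1,2 and 0,1,0,1,0,1) are all new Requests, while the ordering check would wrongly flag the 255 to 0 step as a duplicate.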

david@mitton.com | 8 Jun 2007 15:40

Re: Identifier Wrap-around

Indeed.
You may even be surprised to discover that some tunneling protocols 
don't even use the same ID on one side of the tunnel that was supplied 
on the other side.

I discovered this issue when we attempted a crypto binding including 
the ID and it failed in certain circumstances.

Dave.


Yaron Sheffer | 12 Jun 2007 10:33

Fwd: I-D ACTION:draft-nir-tls-eap-00.txt

Hi all,


we have recently submitted this revised draft, which should be of interest to the TLS community. I am cross-posting to the EAP list, as some people raised issues around the applicability of EAP to this proposal.


Your comments are very welcome. Please reply to the TLS list.


Thanks,

    Yaron


-------- Original Message --------
Subject: I-D ACTION:draft-nir-tls-eap-00.txt
Date: Mon, 11 Jun 2007 15:50:02 -0400
From: Internet-Drafts <at> ietf.org
Reply-To: internet-drafts <at> ietf.org
To: i-d-announce <at> ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts
directories.

	Title		: TLS using EAP Authentication
	Author(s)	: Y. Nir, et al.
	Filename	: draft-nir-tls-eap-00.txt
	Pages		: 20
	Date		: 2007-6-11

This document describes an extension to the TLS protocol to allow TLS
   clients to authenticate with legacy credentials using the Extensible
   Authentication Protocol (EAP).

   This work follows the example of IKEv2, where EAP has been added to
   the IKEv2 protocol to allow clients to use different credentials such
   as passwords, token cards, and shared secrets.

   When TLS is used with EAP, additional records are sent after the
   ChangeCipherSpec protocol message and before the Finished message,
   effectively creating an extended handshake before the application
   layer data can be sent.  Each EapMsg handshake record contains
   exactly one EAP message.  Using EAP for client authentication allows
   TLS to be used with various AAA back-end servers such as RADIUS or
   Diameter.

   TLS with EAP may be used for securing a data connection such as HTTP
   or POP3.  We believe it has three main benefits:

   o  The ability of EAP to work with backend servers can remove that
      burden from the application layer.
   o  Moving the user authentication into the TLS handshake protects the
      presumably less secure application layer from attacks by
      unauthenticated parties.
   o  Using mutual authentication methods within EAP can help thwart
      certain classes of phishing attacks.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-nir-tls-eap-00.txt

To remove yourself from the I-D Announcement list, send a message to
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of
the message.
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the
username "anonymous" and a password of your e-mail address. After
logging in, type "cd internet-drafts" and then
"get draft-nir-tls-eap-00.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv <at> ietf.org.
In the body type:
	"FILE /internet-drafts/draft-nir-tls-eap-00.txt".

NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/eap

Arhives: http://lists.frascone.com/pipermail/eap
Abhijit Rao | 23 Jun 2007 21:43

Server Authentication in EAP-TLS/802.11i

Hello,

When EAP-TLS is in effect how is the 802.11i client
expected to authenticate the Server certificate? The
client does not have access to "internet". I thought one
way is for the client it is a safe TLS - Server and go
ahead and finish the key generation ... and once the
"internet" access is available - to validate the
server certificate. But this does not work if it is a
closed network - please help. Your insight into this
matter is appreciated sincerely. I read the most
recent draft regarding EAP-TLS; I did not see any
recommendation being made.
Regards
Abhi
