Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

Abstract

This document defines the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication methods. EAP typically runs directly over data link layers such as PPP or IEEE 802, without requiring IP. EAP provides its own support for duplicate elimination and retransmission, but is reliant on lower layer ordering guarantees. Fragmentation is not supported within EAP itself; however, individual EAP methods may support this.
