EAP Authentication for SIP draft-torvinen-http-eap-01.txt

Posted on 04-Jan-2016


EAP Authentication for SIP
draft-torvinen-http-eap-01.txt

Aki.Niemi@nokia.com

Vesa.Torvinen@ericsson.fi

Jari.Arkko@ericsson.com

EAP Authentication for SIP

• Extensible Authentication Protocol (RFC 2284)

• Originally used in PPP

• New applications emerged, e.g., IEEE 802.1X

• New auth-scheme for HTTP Authentication Framework (RFC 2617)

• Intended for initial authentication - could be used for session key or ticket generation for subsequent protection

• Adding new authentication methods under EAP requires no changes to SIP

• Protocol specification stays the same

• OS EAP APIs

• Offloading EAP to AAA servers

SIP Authentication Today (diagram, reconstructed as a tree)

• SIP
  • HTTP Authentication
    • HTTP Basic
    • HTTP Digest
    • HTTP EAP
      • EAP AKA, EAP SRP, EAP TLS, EAP Token Card, EAP ...
  • S/MIME
    • MIME PGP . . .

So Who Needs Extensible Authentication?

• Originally a requirement from 3GPP

• Necessary for any organization that needs past or future authentication schemes

• Security always needs set-up and infrastructure, both of which are typically tied to the used authentication schemes

• Undesirable to change existing infrastructure

• Most of the cost is in the cards, processes

• E.g., 3GPP handsets have SIM cards

• Avoid additional user configuration

Issues with HTTP EAP

• We have chosen to do only authentication

• Initial auth followed by e.g. Digest integrity

• Or extending HTTP EAP to cover also integrity

• Base64 encoded EAP in auth headers

• Usually not very large

• HTTP auth derived problems

• Multi-proxy authentication problem fixed

• Extra RTTs caused by the EAP Identity Request (EAP_ID_REQ)

• The next draft version adds a username param to HTTP EAP, which avoids this
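To make the two points above concrete (EAP carried base64-encoded in the auth headers, and the extra round trip spent on the EAP Identity Request that a username parameter can remove), here is an added example that simulates the SIP UA and server sides of an HTTP EAP exchange. It is not code from the draft or from the slide authors. The EAP packet layout and the Code/Type values are from RFC 2284; the header parameter names (eap=, username=), the proactive Authorization header carrying only a username, and the HMAC challenge method (Type 200) are assumptions made for the demonstration, not anything the draft defines.

```python
"""Simulated HTTP EAP over SIP: base64 EAP packets in auth headers, with and
without a username param. Added example; parameter names and the Type 200
challenge method are assumptions, not part of draft-torvinen-http-eap."""
import base64
import hashlib
import hmac
import os
import struct

# EAP Code values and the Identity Type as defined in RFC 2284
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1
EAP_TYPE_TOY = 200  # hypothetical HMAC challenge method, not a registered EAP Type


def eap_pack(code, identifier, eap_type=None, data=b""):
    """Build an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def eap_unpack(pkt):
    """Parse an EAP packet into (code, identifier, type or None, data)."""
    if len(pkt) < 4:
        raise ValueError("short EAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP Length field does not match packet size")
    body = pkt[4:]
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if not body:
            raise ValueError("Request/Response must carry a Type octet")
        return code, ident, body[0], body[1:]
    return code, ident, None, body


def b64(pkt):
    return base64.b64encode(pkt).decode("ascii")


def auth_header(**params):
    """Render an 'EAP k="v", k="v"' challenge/credentials header (assumed syntax)."""
    return "EAP " + ", ".join(f'{k}="{v}"' for k, v in params.items())


def parse_auth_params(header):
    """Split an 'EAP k="v", k="v"' header into a dict of auth-params."""
    scheme, _, rest = header.partition(" ")
    if scheme != "EAP":
        raise ValueError("not an HTTP EAP header")
    out = {}
    for item in filter(None, (s.strip() for s in rest.split(","))):
        k, _, v = item.partition("=")  # first '=' only; base64 padding keeps its '='
        out[k.strip()] = v.strip().strip('"')
    return out


class Authenticator:
    """SIP server side: drives the EAP conversation through 401 challenges."""

    def __init__(self, secrets):
        self.secrets = secrets  # username -> shared key (constructed test data)
        self.peer, self.nonce, self.ident = None, None, 0

    def handle(self, authorization):
        """Process one REGISTER; return (SIP status, challenge or result header)."""
        params = parse_auth_params(authorization) if authorization else {}
        if self.peer is None and "username" in params:
            self.peer = params["username"]  # username param replaces the Identity round trip
        if "eap" in params:
            code, ident, etype, data = eap_unpack(base64.b64decode(params["eap"]))
            if code != EAP_RESPONSE or ident != self.ident:
                return 403, auth_header(eap=b64(eap_pack(EAP_FAILURE, self.ident)))
            if etype == EAP_TYPE_IDENTITY:
                self.peer = data.decode("utf-8")
            elif etype == EAP_TYPE_TOY:
                key = self.secrets.get(self.peer, b"")
                expected = hmac.new(key, self.nonce, hashlib.sha256).digest()
                ok = self.peer in self.secrets and hmac.compare_digest(expected, data)
                result = eap_pack(EAP_SUCCESS if ok else EAP_FAILURE, self.ident)
                return (200 if ok else 403), auth_header(eap=b64(result))
        self.ident = (self.ident + 1) & 0xFF  # Identifier is one octet
        if self.peer is None:
            req = eap_pack(EAP_REQUEST, self.ident, EAP_TYPE_IDENTITY)
        else:
            self.nonce = os.urandom(16)
            req = eap_pack(EAP_REQUEST, self.ident, EAP_TYPE_TOY, self.nonce)
        return 401, auth_header(eap=b64(req))


class Peer:
    """SIP UA side: answers each EAP Request carried in WWW-Authenticate."""

    def __init__(self, username, secret, send_username=False):
        self.username, self.secret, self.send_username = username, secret, send_username

    def first_request(self):
        # With the username param the UA identifies itself up front (assumed syntax)
        return auth_header(username=self.username) if self.send_username else None

    def respond(self, www_authenticate):
        raw = base64.b64decode(parse_auth_params(www_authenticate)["eap"])
        code, ident, etype, data = eap_unpack(raw)
        if code != EAP_REQUEST:
            raise ValueError("expected an EAP Request")
        if etype == EAP_TYPE_IDENTITY:
            payload = self.username.encode("utf-8")
        elif etype == EAP_TYPE_TOY:
            payload = hmac.new(self.secret, data, hashlib.sha256).digest()
        else:
            raise ValueError("unsupported EAP method")
        return auth_header(eap=b64(eap_pack(EAP_RESPONSE, ident, etype, payload)))


def run_exchange(peer, server):
    """Run REGISTER/401 round trips until success or failure; return (status, round_trips)."""
    authorization, round_trips = peer.first_request(), 0
    while True:
        status, header = server.handle(authorization)
        round_trips += 1
        if status != 401:
            return status, round_trips
        authorization = peer.respond(header)


def demo(send_username, secret=b"alice-shared-key"):
    server = Authenticator({"alice": b"alice-shared-key"})  # constructed credential
    return run_exchange(Peer("alice", secret, send_username), server)


if __name__ == "__main__":
    print(demo(False))  # (200, 3): the Identity Request costs one extra round trip
    print(demo(True))   # (200, 2): username param lets the server challenge immediately
```

The round-trip count is the point: without the username parameter the server must first learn who it is talking to via EAP-Request/Identity, so every registration pays one extra 401 before the real method can start. The strict Length check in eap_unpack matters in practice too, since the base64 blob arrives from an unauthenticated client.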

Conclusion

• There is a requirement to support extensible and legacy authentication

• We believe something like this is needed for SIP

• Not just for 3GPP

• Some protocol detail issues to discuss

• What to do with the session keys - integrity protection

• Similar header interpretation issues as in Digest

• Base64 data (typically short, though)

• Time pressure from 3GPP

A Way Forward

• Work item for SIP

• Need input from the WG

• Technical issues

• Security issues