Dismiss
InnovationQ/InnovationQ Plus content will be updated on Sunday, June 25, 10am ET, with new patent and non-patent literature collections. Click here to learn more.
Browse Prior Art Database

PPP EAP TLS Authentication Protocol (RFC2716)

IP.com Disclosure Number: IPCOM000003311D
Original Publication Date: 1999-Oct-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 20 page(s) / 46K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B. Aboba: AUTHOR [+2]

Abstract

The Point-to-Point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP also defines an extensible Link Control Protocol (LCP), which can be used to negotiate authentication methods, as well as an Encryption Control Protocol (ECP), used to negotiate data encryption over PPP links, and a Compression Control Protocol (CCP), used to negotiate compression methods. The Extensible Authentication Protocol (EAP) is a PPP extension that provides support for additional authentication methods within PPP.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group B. Aboba

Requests for Commments: 2716 D. Simon

Category: Experimental Microsoft

October 1999

PPP EAP TLS Authentication Protocol

Status of this Memo

This memo defines an Experimental Protocol for the Internet

community. It does not specify an Internet standard of any kind.

Discussion and suggestions for improvement are requested.

Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

1. Abstract

The Point-to-Point Protocol (PPP) provides a standard method for

transporting multi-protocol datagrams over point-to-point links. PPP

also defines an extensible Link Control Protocol (LCP), which can be

used to negotiate authentication methods, as well as an Encryption

Control Protocol (ECP), used to negotiate data encryption over PPP

links, and a Compression Control Protocol (CCP), used to negotiate

compression methods. The Extensible Authentication Protocol (EAP) is

a PPP extension that provides support for additional authentication

methods within PPP.

Transport Level Security (TLS) provides for mutual authentication,

integrity-protected ciphersuite negotiation and key exchange between

two endpoints. This document describes how EAP-TLS, which includes

support for fragmentation and reassembly, provides for these TLS

mechanisms within EAP.

2. Introduction

The Extensible Authentication Protocol (EAP), described in [5],

provides a standard mechanism for support of additional

authentication methods within PPP. Through the use of EAP, support

for a number of authentication schemes may be added, including smart

cards, Kerberos, Public Key, One Time Passwords, and others. To date

however, EAP methods such as [6] have focussed on authenticating a

client to a server.

However, it may be desirable to support mutual authentication, and

since PPP encryption protocols such as [9] and [10] assume existence

of a session key, it is useful to have a mechanism for session key

establishment. Since design of secure key management protocols is

non-trivial, it is desirable to avoid creating new mechanisms for

this. The EAP protocol described in this document allows a PPP peer

to take advantage of the protected ciphersuite negotiation, mutual

authentication and key management capabilities of the TLS protocol,

described in [12].

2.1. Requirements language

In this document, the key words "MAY", "MUST, "MUST NOT", "optional",

"recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as

described in [11].

3. Protocol overview

3.1. Overview of the EAP-TLS conversation

As described in [5], the EAP-TLS conversation will typically begin

with the authenticator and the peer negotiating EAP. The

authenticator will then...