draft-ietf-emu-eap-gpsk-00.txt   draft-ietf-emu-eap-gpsk-01.txt 
EMU Working Group T. Clancy EMU Working Group T. Clancy
Internet-Draft LTS Internet-Draft LTS
Intended status: Standards Track H. Tschofenig Intended status: Standards Track H. Tschofenig
Expires: April 18, 2007 Siemens Expires: May 4, 2007 Siemens
October 15, 2006 October 31, 2006
EAP Generalized Pre-Shared Key (EAP-GPSK) EAP Generalized Pre-Shared Key (EAP-GPSK)
draft-ietf-emu-eap-gpsk-00.txt draft-ietf-emu-eap-gpsk-01.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 35 skipping to change at page 1, line 35
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 18, 2007. This Internet-Draft will expire on May 4, 2007.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
This Internet Draft defines an Extensible Authentication Protocol This Internet Draft defines an Extensible Authentication Protocol
method called EAP Generalized Pre-Shared Key (EAP-GPSK). This method method called EAP Generalized Pre-Shared Key (EAP-GPSK). This method
is a lightweight shared-key authentication protocol supporting mutual is a lightweight shared-key authentication protocol supporting mutual
skipping to change at page 14, line 9 skipping to change at page 14, line 9
where Input refers to the following content: where Input refers to the following content:
o Value of SEC_SK in message GPSK-2 o Value of SEC_SK in message GPSK-2
o Value of SEC_SK in message GPSK-3 o Value of SEC_SK in message GPSK-3
o Value of SEC_SK in message GPSK-4 o Value of SEC_SK in message GPSK-4
6.1.3. Key Derivation 6.1.3. Key Derivation
This ciphersuite instantiates the KDF in the following way: This ciphersuite instantiates the KDF in the following way:
MK = GKDF-16 (PSK[0..15], RAND_Client || ID_Client || RAND_Server || inputString = RAND_Client || ID_Client || RAND_Server || ID_Server
ID_Server)
KDF_out = GKDF-160 (MK, RAND_Client || ID_Client || RAND_Server || MK = GKDF-16 (Zero-String, PL || PSK || CSuite_SEL || inputString)
ID_Server)
KDF_out = GKDF-160 (MK, inputString)
MSK = KDF_out[0..63] MSK = KDF_out[0..63]
EMSK = KDF_out[64..127] EMSK = KDF_out[64..127]
SK = KDF_out[128..143] SK = KDF_out[128..143]
PK = KDF_out[144..159] PK = KDF_out[144..159]
MID = GKDF-16 (Zero-String, "Method ID" || EAP_Method_Type || MID = GKDF-16 (Zero-String, "Method ID" || EAP_Method_Type ||
RAND_Client || ID_Client || RAND_Server || ID_Server) CSuite_Sel || inputString)
6.2. Ciphersuite #2 6.2. Ciphersuite #2
6.2.1. Encryption 6.2.1. Encryption
Ciphersuite 2 does not include an algorithm for encryption. With a Ciphersuite 2 does not include an algorithm for encryption. With a
NULL encryption algorithm, encryption is defined as: NULL encryption algorithm, encryption is defined as:
E_X(Y) = Y E_X(Y) = Y
skipping to change at page 15, line 10 skipping to change at page 15, line 10
where Input refers to the following content: where Input refers to the following content:
o Value of SEC_SK in message GPSK-2 o Value of SEC_SK in message GPSK-2
o Value of SEC_SK in message GPSK-3 o Value of SEC_SK in message GPSK-3
o Value of SEC_SK in message GPSK-4 o Value of SEC_SK in message GPSK-4
6.2.3. Key Derivation 6.2.3. Key Derivation
This ciphersuite instantiates the KDF in the following way: This ciphersuite instantiates the KDF in the following way:
MK = GKDF-32 (PSK, RAND_Client || ID_Client || RAND_Server || inputString = RAND_Client || ID_Client || RAND_Server || ID_Server
ID_Server)
KDF_out = GKDF-192 (MK, RAND_Client || ID_Client || RAND_Server || MK = GKDF-32 (Zero-String, PL || PSK || CSuite_SEL || inputString)
ID_Server)
KDF_out = GKDF-192 (MK, inputString)
MSK = KDF_out[0..63] MSK = KDF_out[0..63]
EMSK = KDF_out[64..127] EMSK = KDF_out[64..127]
SK = KDF_out[128..159] SK = KDF_out[128..159]
PK = KDF_out[160..191] PK = KDF_out[160..191]
MID = GKDF-16 (Zero-String, "Method ID" || EAP_Method_Type || MID = GKDF-16 (Zero-String, "Method ID" || EAP_Method_Type ||
RAND_Client || ID_Client || RAND_Server || ID_Server) CSuite_Sel || inputString)
7. Packet Formats 7. Packet Formats
This section defines the packet format of the EAP-GPSK messages. This section defines the packet format of the EAP-GPSK messages.
7.1. Header Format 7.1. Header Format
The EAP-GPSK header has the following structure: The EAP-GPSK header has the following structure:
--- bit offset ---> --- bit offset --->
skipping to change at page 27, line 8 skipping to change at page 27, line 8
Exchange", draft-clancy-eap-pax-11 (work in progress), Exchange", draft-clancy-eap-pax-11 (work in progress),
September 2006. September 2006.
[I-D.bersani-eap-psk] [I-D.bersani-eap-psk]
Tschofenig, H. and F. Bersani, "The EAP-PSK Protocol: a Tschofenig, H. and F. Bersani, "The EAP-PSK Protocol: a
Pre-Shared Key EAP Method", draft-bersani-eap-psk-11 (work Pre-Shared Key EAP Method", draft-bersani-eap-psk-11 (work
in progress), June 2006. in progress), June 2006.
[I-D.otto-emu-eap-tls-psk] [I-D.otto-emu-eap-tls-psk]
Otto, T. and H. Tschofenig, "The EAP-TLS-PSK Otto, T. and H. Tschofenig, "The EAP-TLS-PSK
Authentication Protocol", draft-otto-emu-eap-tls-psk-00 Authentication Protocol", draft-otto-emu-eap-tls-psk-01
(work in progress), April 2006. (work in progress), October 2006.
[I-D.vanderveen-eap-sake] [I-D.vanderveen-eap-sake]
Vanderveen, M. and H. Soliman, "Extensible Authentication Vanderveen, M. and H. Soliman, "Extensible Authentication
Protocol Method for Shared-secret Authentication and Key Protocol Method for Shared-secret Authentication and Key
Establishment (EAP-SAKE)", draft-vanderveen-eap-sake-02 Establishment (EAP-SAKE)", draft-vanderveen-eap-sake-02
(work in progress), May 2006. (work in progress), May 2006.
[I-D.ietf-eap-keying] [I-D.ietf-eap-keying]
Aboba, B., "Extensible Authentication Protocol (EAP) Key Aboba, B., "Extensible Authentication Protocol (EAP) Key
Management Framework", draft-ietf-eap-keying-14 (work in Management Framework", draft-ietf-eap-keying-15 (work in
progress), June 2006. progress), October 2006.
[RFC4017] Stanley, D., Walker, J., and B. Aboba, "Extensible [RFC4017] Stanley, D., Walker, J., and B. Aboba, "Extensible
Authentication Protocol (EAP) Method Requirements for Authentication Protocol (EAP) Method Requirements for
Wireless LANs", RFC 4017, March 2005. Wireless LANs", RFC 4017, March 2005.
[CMAC] National Institute of Standards and Technology, [CMAC] National Institute of Standards and Technology,
"Recommendation for Block Cipher Modes of Operation: The "Recommendation for Block Cipher Modes of Operation: The
CMAC Mode for Authentication", Special Publication CMAC Mode for Authentication", Special Publication
(SP) 800-38B, May 2005. (SP) 800-38B, May 2005.
 End of changes. 11 change blocks. 
18 lines changed or deleted 18 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/