home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1997 December
/
Internet_Info_CD-ROM_Walnut_Creek_December_1997.iso
/
drafts
/
draft_ietf_j_p
/
draft-ietf-pppext-eap-auth-02.txt
< prev
next >
Wrap
Text File
|
1997-09-02
|
30KB
|
1,100 lines
Network Working Group L J Blunk
J R Vollbrecht
Internet Draft Merit Network, Inc.
expires in six months June 1996
PPP Extensible Authentication Protocol (EAP)
<draft-ietf-pppext-eap-auth-02.txt>
Status of this Memo
This document is the product of the Point-to-Point Protocol
Extensions Working Group of the Internet Engineering Task Force
(IETF). Comments should be submitted to the ietf-ppp@merit.edu
mailing list.
Distribution of this memo is unlimited.
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is not appropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''
To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet- Drafts
Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
ftp.isi.edu (US West Coast).
Abstract
The Point-to-Point Protocol (PPP) [1] provides a standard method for
transporting multi-protocol datagrams over point-to-point links.
PPP also defines an extensible Link Control Protocol, which allows
negotiation of an Authentication Protocol for authenticating its peer
before allowing Network Layer protocols to transmit over the link.
This document defines the PPP Extensible Authentication Protocol.
Blunk & Vollbrecht expires in six months [Page i]
DRAFT PPP EAP June 1996
Table of Contents
1. Introduction .......................................... 1
1.1 Specification of Requirements ................... 1
1.2 Terminology ..................................... 2
2. PPP Extensible Authentication Protocol (EAP) .......... 3
2.1 Configuration Option Format ..................... 5
2.2 Packet Format ................................... 6
2.2.1 Request and Response ............................ 7
2.2.2 Success and Failure ............................. 9
3. Initial EAP Request/Response Types .................... 10
3.1 Identity ........................................ 11
3.2 Notification .................................... 12
3.3 Nak ............................................. 13
3.4 MD5-Challenge ................................... 14
3.5 S/Key ........................................... 15
3.6 Generic Token Card .............................. 16
REFERENCES ................................................... 18
ACKNOWLEDGEMENTS ............................................. 18
CHAIR'S ADDRESS .............................................. 18
AUTHOR'S ADDRESS ............................................. 18
Blunk & Vollbrecht expires in six months [Page ii]
DRAFT PPP EAP June 1996
1. Introduction
In order to establish communications over a point-to-point link, each
end of the PPP link must first send LCP packets to configure the data
link during Link Establishment phase. After the link has been
established, PPP provides for an optional Authentication phase before
proceeding to the Network-Layer Protocol phase.
By default, authentication is not mandatory. If authentication of
the link is desired, an implementation MUST specify the
Authentication-Protocol Configuration Option during Link
Establishment phase.
These authentication protocols are intended for use primarily by
hosts and routers that connect to a PPP network server via switched
circuits or dial-up lines, but might be applied to dedicated links as
well. The server can use the identification of the connecting host
or router in the selection of options for network layer negotiations.
This document defines the PPP Extensible Authentication Protocol
(EAP). The Link Establishment and Authentication phases, and the
Authentication-Protocol Configuration Option, are defined in The
Point-to-Point Protocol (PPP) [1].
1.1. Specification of Requirements
In this document, several words are used to signify the requirements
of the specification. These words are often capitalized.
MUST This word, or the adjective "required", means that the
definition is an absolute requirement of the specification.
MUST NOT This phrase means that the definition is an absolute
prohibition of the specification.
SHOULD This word, or the adjective "recommended", means that there
may exist valid reasons in particular circumstances to
ignore this item, but the full implications must be
understood and carefully weighed before choosing a
different course.
MAY This word, or the adjective "optional", means that this
item is one of an allowed set of alternatives. An
implementation which does not include this option MUST be
prepared to interoperate with another implementation which
does include the option.
Blunk & Vollbrecht expires in six months [Page 1]
DRAFT PPP EAP June 1996
1.2. Terminology
This document frequently uses the following terms:
authenticator
The end of the link requiring the authentication. The
authenticator specifies the authentication protocol to be
used in the Configure-Request during Link Establishment
phase.
peer The other end of the point-to-point link; the end which is
being authenticated by the authenticator.
silently discard
This means the implementation discards the packet without
further processing. The implementation SHOULD provide the
capability of logging the error, including the contents of
the silently discarded packet, and SHOULD record the event
in a statistics counter.
displayable message
This is interpreted to be human readable string of
characters, and MUST NOT affect operation of the protocol.
It is recommended that the message contain displayable
ASCII characters 32 through 126 decimal. Mechanisms for
extension to other character sets are the topic of future
research.
Blunk & Vollbrecht expires in six months [Page 2]
DRAFT PPP EAP June 1996
2. PPP Extensible Authentication Protocol (EAP)
The PPP Extensible Authentication Protocol (EAP) is a general
protocol for PPP authentication which supports multiple
authentication mechanisms. EAP does not select a specific
authentication mechanism at Link Control Phase, but rather postpones
this until the Authentication Phase. This allows the authenticator
to request more information before determining the specific
authentication mechanism. This also permits the use of a "back-end"
server which actually implements the various mechanisms while the PPP
authenticator merely passes through the authentication exchange.
1. After the Link Establishment phase is complete, the authenticator
sends one or more Requests to authenticate the peer. The Request
has a type field to indicate what is being requested. Examples of
Request types include Identity, MD5-challenge, S/Key, Generic
Token Card, etc. The MD5-challenge type corresponds closely to
the CHAP authentication protocol. Typically, the authenticator
will send an initial Identity Request followed by one or more
Requests for authentication information. However, an initial
Identity Request is not required, and may be bypassed in cases
where the identity is presumed (leased lines, dedicated dial-ups,
etc.).
2. The peer sends a Response packet in reply to each Request. As
with the Request packet, the Response packet contains a type field
which corresponds to the type field of the Request.
3. The authenticator ends the authentication phase with a Success or
Failure packet.
Blunk & Vollbrecht expires in six months [Page 3]
DRAFT PPP EAP June 1996
Advantages
The EAP protocol can support multiple authentication mechanisms
without having to pre-negotiate a particular one during LCP Phase.
Certain devices (e.g. a NAS) do not necessarily have to understand
each request type and may be able to simply act as a passthrough
agent for a "back-end" server on a host. The device only need look
for the success/failure code to terminate the authentication phase.
Disadvantages
EAP does require the addition of a new authentication type to LCP and
thus PPP implementations will need to be modified to use it. It also
strays from the previous PPP authentication model of negotiating a
specific authentication mechanism during LCP.
Blunk & Vollbrecht expires in six months [Page 4]
DRAFT PPP EAP June 1996
2.1. Configuration Option Format
A summary of the Authentication-Protocol Configuration Option format
to negotiate the EAP Authentication Protocol is shown below. The
fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Authentication-Protocol |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
3
Length
4
Authentication-Protocol
C227 (Hex) for PPP Extensible Authentication Protocol (EAP)
Blunk & Vollbrecht expires in six months [Page 5]
DRAFT PPP EAP June 1996
2.2. Packet Format
Exactly one PPP EAP packet is encapsulated in the Information field
of a PPP Data Link Layer frame where the protocol field indicates
type hex C227 (PPP EAP). A summary of the EAP packet format is shown
below. The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+
Code
The Code field is one octet and identifies the type of EAP packet.
EAP Codes are assigned as follows:
1 Request
2 Response
3 Success
4 Failure
Identifier
The Identifier field is one octet and aids in matching responses
with requests.
Length
The Length field is two octets and indicates the length of the EAP
packet including the Code, Identifier, Length and Data fields.
Octets outside the range of the Length field should be treated as
Data Link Layer padding and should be ignored on reception.
Data
The Data field is zero or more octets. The format of the Data
field is determined by the Code field.
Blunk & Vollbrecht expires in six months [Page 6]
DRAFT PPP EAP June 1996
2.2.1. Request and Response
Description
The Request packet is sent by the authenticator to the peer. Each
Request has a type field which serves to indicate what is being
requested. The authenticator MUST transmit an EAP packet with the
Code field set to 1 (Request). Additional Request packets MUST be
sent until a valid Response packet is received, or an optional
retry counter expires. Retransmitted Requests MUST be sent with
the same Identifier value in order to distinguish them from new
Requests. The contents of the data field is dependent on the
Request type. The peer MUST send a Response packet in reply to a
Request packet. Responses MUST only be sent in reply to a
received Request and never retransmitted on a timer. The
Identifier field of the Response MUST match that of the Request.
Implementation Note: Because the authentication process will
often involve user input, some care must be taken when deciding
upon retransmission strategies and authentication timeouts. It
is suggested a retransmission timer of 6 seconds with a maximum
of 10 retransmissions be used as default. One may wish to make
these timeouts longer in certain cases (e.g. where Token Cards
are involved). Additionally, the peer must be prepared to
silently discard received retransmissions while waiting for
user input.
A summary of the Request and Response packet format is shown below.
The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Type-Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Code
1 for Request;
2 for Response.
Identifier
The Identifier field is one octet. The Identifier field MUST be
Blunk & Vollbrecht expires in six months [Page 7]
DRAFT PPP EAP June 1996
the same if a Request packet is retransmitted due to a timeout
while waiting for a Response. Any new (non-retransmission)
Requests MUST modify the Identifier field. If a peer recieves a
duplicate Request for which it has already sent a Response, it
MUST resend it's Response. If a peer receives a duplicate Request
before it has sent a Response to the initial Request (i.e. it's
waiting for user input), it MUST silently discard the duplicate
Request.
Length
The Length field is two octets and indicates the length of the EAP
packet including the Code, Identifier, Length, Type, and Type-Data
fields. Octets outside the range of the Length field should be
treated as Data Link Layer padding and should be ignored on
reception.
Type
The Type field is one octet. This field indicates the Type of
Request or Response. Only one Type may be specified per EAP
Request or Response. Normally, the Type field of the Response
will be the same as the Type of the Request. However, there is
also a Nak Response Type for indicating that a Request type is
unacceptable to the peer. When sending a Nak in response to a
Request, the peer may indicate an alternative desired
authentication Type which it supports. An initial specification of
Types follows in a later section of this document.
Type-Data
The Type-Data field varies with the Type of Request and the
associated Response.
Blunk & Vollbrecht expires in six months [Page 8]
DRAFT PPP EAP June 1996
2.2.2. Success and Failure
Description
The Success packet is sent by the authenticator to the peer to
acknowledge successful authentication. The authenticator MUST
transmit an EAP packet with the Code field set to 3 (Success).
If the authenticator cannot authenticate the peer (unacceptable
Responses to one or more Requests) then the implementation MUST
transmit an EAP packet with the Code field set to 4 (Failure). An
authenticator may wish to issue multiple Requests before sending a
Failure response in order to allow for human typing mistakes.
Implementation Note: Because the Success and Failure packets
are not acknowledged, they may be potentially lost. A peer
MUST allow for this circumstance. The peer can use a Network
Protocol packet as an alternative indication of Success.
Likewise, the receipt of a LCP Terminate-Request can be taken
as a Failure.
A summary of the Success and Failure packet format is shown below.
The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Code
3 for Success;
4 for Failure.
Identifier
The Identifier field is one octet and aids in matching replies to
Responses. The Identifier field MUST match the Indentifier field
of the Response packet that it is sent in response to.
Length
4
Blunk & Vollbrecht expires in six months [Page 9]
DRAFT PPP EAP June 1996
3. Initial EAP Request/Response Types
This section defines the initial set of EAP Types used in
Request/Response exchanges. More Types may be defined in follow-on
documents. The Type field is one octet and identifies the structure
of an EAP Request or Response packet. The first 3 Types are
considered special case Types. The remaining Types define
authentication exchanges. The Nak Type is valid only for Response
packets, it may not be sent in a Request. The Nak Type may only be
sent in repsonse to a Request which usea an authentication Type code.
Support for EAP Types 1-4 is MANDATORY. These Types, as well as
types 5 and 6, are defined in this document. Follow-on RFCs will
define additional EAP Types.
1 Identity
2 Notification
3 Nak (Response only)
4 MD5-Challenge
5 S/Key (RFC 1760)
6 Generic Token Card
Blunk & Vollbrecht expires in six months [Page 10]
DRAFT PPP EAP June 1996
3.1. Identity
Description
The Identity Type is used to query the identity of the peer.
Generally, the authenticator will issue this as the initial
Request. An optional displayable message may be included to
prompt the peer in the case where there expectation of interaction
with a user. A Response MUST be sent to this Request with a Type
of 1 (Identity).
Implementation Note: The peer may obtain the Identity via user
input. It is suggested that the authenticator retry the
Indentity Request in the case of an invalid Identity or
authentication failure to allow for potential typos on the part
of the user. It is suggested that the Identity Request be
retried a minimum of 3 times before terminating the
authentication phase with a Failure reply. The Notification
Request may be used to indicate an invalid authentication
attempt prior to transmitting a new Identity Request
(optionally, the failure may be indicated within the message of
the new Identity Request itself).
Type
1
Type-Data
This field MAY contain a displayable message in the Request. The
Response uses this field to return the Identity. If the Identity
is unknown, this field should be zero bytes in length. The field
need not be null terminated. The length of this field is derived
from the Length field of the Request/Response packet.
Blunk & Vollbrecht expires in six months [Page 11]
DRAFT PPP EAP June 1996
3.2. Notification
Description
The Notification Type is optionally used to convey a displayable
message from the authenticator to the peer. The peer SHOULD
display this message to the user or log it if it cannot be
displayed. It is intended to provide an acknowledged notification
of some imperative nature. Examples include a password with an
expiration time that is about to expire, an S/Key id which is
nearing 0, an authentication failure warning, etc. In most
circumstances, notification should not be required.
Type
2
Type-Data
The Type-Data field in the Request contains a displayable message
greater than zero octets in length. The length of the message is
determined by Length field of the Request packet. The message
need not be null terminated. A Response MUST be sent in reply to
the Request with a Type field of 2 (Notification). The Type-Data
field of the Response is zero octets in length. The Response
should be sent immediately (independent of how the message is
displayed or logged).
Blunk & Vollbrecht expires in six months [Page 12]
DRAFT PPP EAP June 1996
3.3. Nak
Description
The Nak Type is valid only in Response messages. It is sent in
reply to a Request where the desired authentication Type is
unacceptable. Authentication Types are numbered 4 and above.
The Response contains the authentication Type desired by the peer.
Type
3
Type-Data
This field MUST contain a single octet indicating the desired
authentication type.
Blunk & Vollbrecht expires in six months [Page 13]
DRAFT PPP EAP June 1996
3.4. MD5-Challenge
Description
The MD5-Challenge Type is analagous to the PPP CHAP protocol [3]
(with MD5 as the specified algorithm). The PPP Authentication
Protocols RFC [3] should be referred to for further implementation
specifics. The Request contains a "challenge" message to the
peer. A Repsonse MUST be sent in reply to the Request. The
Response MAY be either of Type 4 (MD5-Challenge) or Type 3 (Nak).
The Nak reply indicates the peer's desired authentication
mechanism Type. Support for the MD5-Challenge mechanism is
MANDATORY.
Type
4
Type-Data
The contents of the Type-Data field is summarized below. For
reference on the use of this fields see the PPP Authentication
Protocols RFC [3].
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value-Size | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Name ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Blunk & Vollbrecht expires in six months [Page 14]
DRAFT PPP EAP June 1996
3.5. S/Key
Description The S/Key system is defined in "The S/KEY One-Time
Password System" [4]. The Request contains a displayable message
consisting of the S/Key count and a seed. A Repsonse MUST be sent in
reply to the Request. The Response MUST be of Type 5 (S/key) or Type
3 (Nak). The Nak reply indicates the peer's desired authentication
mechanism Type.
Type
5
Type-Data
The Type-Data field contains the S/Key "challenge" (count and seed)
as a displayable message in the Request. This field is used for the
6 words (displayable text) from the S/Key dictionary [4] in the
Response. The messages need not be null terminated. The length of
the field is derived from the Length field of the Request/Reply
packet.
Blunk & Vollbrecht expires in six months [Page 15]
DRAFT PPP EAP June 1996
3.6. Generic Token Card
Description
The Generic Token Card Type is defined for use with various Token
Card implementations which require user input. The Request
contains an ASCII text message and the Reply contains the Token
Card information necessary for authentication. Typically, this
would be information read by a user from the Token card device and
entered as ASCII text.
Type
6
Type-Data
The Type-Data field in the Request contains a displayable message
greater than zero octets in length. The length of the message is
determined by Length field of the Request packet. The message
need not be null terminated. A Response MUST be sent in reply to
the Request with a Type field of 6 (Generic Token Card). The
Response contains data from the Token Card required for
authentication. The length is of the data is determined by the
Length field of the Response packet.
Blunk & Vollbrecht expires in six months [Page 16]
DRAFT PPP EAP June 1996
Security Considerations
Security issues are the primary topic of this RFC.
The interaction of the authentication protocols within PPP are highly
implementation dependent.
For example, upon failure of authentication, some implementations do
not terminate the link. Instead, the implementation limits the kind
of traffic in the Network-Layer Protocols to a filtered subset, which
in turn allows the user opportunity to update secrets or send mail to
the network administrator indicating a problem.
There is no provision for retries of failed authentication. However,
the LCP state machine can renegotiate the authentication protocol at
any time, thus allowing a new attempt. It is recommended that any
counters used for authentication failure not be reset until after
successful authentication, or subsequent termination of the failed
link.
There is no requirement that authentication be full duplex or that
the same protocol be used in both directions. It is perfectly
acceptable for different protocols to be used in each direction.
This will, of course, depend on the specific protocols negotiated.
In practice, within or associated with each PPP server, there is a
database which associates "user" names with authentication
information ("secrets"). It is not anticipated that a particular
named user would be authenticated by multiple methods. This would
make the user vulnerable to attacks which negotiate the least secure
method from among a set (such as PAP rather than EAP). Instead, for
each named user there should be an indication of exactly one method
used to authenticate that user name. If a user needs to make use of
different authentication methods under different circumstances, then
distinct user names SHOULD be employed, each of which identifies
exactly one authentication method.
Blunk & Vollbrecht expires in six months [Page 17]
DRAFT PPP EAP June 1996
References
[1] Simpson, W. A., "The Point-to-Point Protocol (PPP)", RFC 1661.
[2] Reynolds, J., and J. Postel, "Assigned Numbers", RFC 1700,
USC/Information Sciences Institute, October 1994.
[3] Lloyd, B., and Simpson, W., "PPP Authentication Protocols",
RFC 1334, October 1992.
[4] Haller, N., "The S/KEY One-Time Password System", RFC 1760,
Bellcore, February 1995.
Acknowledgments
This protocol derives much of its inspiration from Dave Carrel's AHA
draft as well as the PPP CHAP protocol [3]. Bill Simpson provided
much of the boilerplate used throughout this document. Al Rubens
(Merit) also provided valuable feedback.
Chair's Address
The working group can be contacted via the current chair:
Karl Fox
Ascend Communications
EMail: karl@MorningStar.Com
Author's Address
Questions about this memo can also be directed to:
Larry J Blunk John R Vollbrecht
EMail: ljb@merit.edu EMail: jrv@merit.edu
Blunk & Vollbrecht expires in six months [Page 18]