Background and Introduction

Outline
• History
• Scope
• Administrative

History 1/4
• Recent interest in using EAP in various IETF WGs
• Traditional, network access-related use in PPP, PANA (and IEEE of course)
• VPN usage in IKEv2
• Other kinds of use or proposals in MIP6, DHC, NSIS, ISMS, EAP Multi-Hop Bar BoF, …
• Some of this usage may be outside the originally intended application of EAP

History 2/4
• EAP co-chairs and ADs were interested in this
– What’s the problem?
– Why are we seeing such an interest?
– What’s the right solution?
• Trying to take a step back and analyze the situation

History 3/4
• Deployment problems for security
– Effort needed for set-up is too much in some cases
– Initial plans for security are often (too?) ambitious
– In many cases most of the cost in security is in deployment
– Example: calculate the investment to upgrade all GSM SIM cards to new ones -- N = 1.5G, process cost per unit ~ 20$
• Increased number of roaming, mobile users
– Cannot rely on local shared secrets
• Technical problems in some of the solutions for securing our protocols

History 4/4
• Functional growth in the IP layer
– IPv6 ND does more than ARP
– Mobility mechanisms and optimizations
– Network access functions
– The requirements for security are higher
• ...
• These issues have led people to look for reuse of security that already exists for other purposes
– Don’t have to deploy new credentials
– Don’t have to invent new protocols

Some Concrete Examples...
• DHCP typically not secured, although security solutions exist for it
• Original IPv6 ND security had technical and deployment problems -- later replaced by SEND (but no deployment experience yet)
• Mobile IPv6 requires strong security between home agents and mobile nodes; setting this up has proved challenging in practice -- also unable to use existing shared secrets in AAA

Scope for the BoF
• Talk about the needs (the problem) in the various WGs
• Talk about the different potential solutions (at a high level, no bits)
• Goals of this BoF are primarily educational:
– We learn more about the problems
– We learn more about the solutions
– Find others who have the same problems

Non-Scope for the BoF
• Start protocol work -- this is a one-time discussion forum
• Take work over from WGs -- the relevant WGs have the responsibility to develop their own solutions
• Argue about EAP applicability rules -- we will mention these but try to focus on high-level solution alternatives rather than a single protocol