Extensible Authentication Protocol: Difference between revisions

Revision by Mcr314: clarify standard status of EAP-NOOB
Revision by Mcr314 (minor edit): put standardized mechanisms first
Line 8:
 
The standard also describes the conditions under which the AAA key management requirements described in RFC 4962 can be satisfied.
 
==={{anchor|EAP-NOOB}}Nimble out-of-band authentication for EAP (EAP-NOOB)===
Nimble out-of-band authentication for EAP<ref>{{cite web | url = https://tools.ietf.org/html/draft-ietf-emu-eap-noob | title = Nimble out-of-band authentication for EAP (EAP-NOOB) Draft | first1 = Tuomas | last1 = Aura | first2 = Mohit | last2 = Sethi | publisher = IETF Trust | date = 2020-07-21}}</ref> (EAP-NOOB) is a proposed (work in progress, not yet an RFC) generic bootstrapping solution for devices that have no pre-configured authentication credentials and are not yet registered on any server. It is especially useful for Internet of Things (IoT) gadgets and toys that ship with no information about any owner, network or server. Authentication in this EAP method is based on a user-assisted out-of-band (OOB) channel between the server and the peer, so the security of the bootstrapping rests on the integrity of that OOB channel rather than on any pre-shared secret or certificate. EAP-NOOB supports many types of OOB channel, such as QR codes, NFC tags and audio, and, unusually among EAP methods, the security of the protocol has been verified by formal modeling of the specification with the [[ProVerif]] and [[mCRL2]] tools.<ref>[https://github.com/tuomaura/eap-noob/tree/master/protocolmodel EAP-NOOB Model on GitHub]</ref>
 
EAP-NOOB performs an ephemeral elliptic-curve Diffie-Hellman (ECDHE) key exchange over the in-band EAP channel. Because the in-band channel is unauthenticated, that exchange alone cannot rule out a man-in-the-middle; the user therefore confirms it by transferring an OOB message, which carries a secret nonce and a cryptographic fingerprint of the in-band exchange, so an attacker who substituted its own keys in the in-band messages cannot produce a fingerprint that the other side will accept. Users can transfer the OOB message from the peer to the server, for example when the device is a smart TV that can display a QR code. Alternatively, users can transfer the OOB message from the server to the peer, for example when the device being bootstrapped is a camera that can only read a QR code.
 
===Lightweight Extensible Authentication Protocol (LEAP)===
Line 120 ⟶ 115:
 
EAP-EKE is specified in RFC 6124.
 
==={{anchor|EAP-NOOB}}Nimble out-of-band authentication for EAP (EAP-NOOB)===
Nimble out-of-band authentication for EAP<ref>{{cite web | url = https://tools.ietf.org/html/draft-ietf-emu-eap-noob | title = Nimble out-of-band authentication for EAP (EAP-NOOB) Draft | first1 = Tuomas | last1 = Aura | first2 = Mohit | last2 = Sethi | publisher = IETF Trust | date = 2020-07-21}}</ref> (EAP-NOOB) is a proposed (work in progress, not yet an RFC) generic bootstrapping solution for devices that have no pre-configured authentication credentials and are not yet registered on any server. It is especially useful for Internet of Things (IoT) gadgets and toys that ship with no information about any owner, network or server. Authentication in this EAP method is based on a user-assisted out-of-band (OOB) channel between the server and the peer, so the security of the bootstrapping rests on the integrity of that OOB channel rather than on any pre-shared secret or certificate. EAP-NOOB supports many types of OOB channel, such as QR codes, NFC tags and audio, and, unusually among EAP methods, the security of the protocol has been verified by formal modeling of the specification with the [[ProVerif]] and [[mCRL2]] tools.<ref>[https://github.com/tuomaura/eap-noob/tree/master/protocolmodel EAP-NOOB Model on GitHub]</ref>
 
EAP-NOOB performs an ephemeral elliptic-curve Diffie-Hellman (ECDHE) key exchange over the in-band EAP channel. Because the in-band channel is unauthenticated, that exchange alone cannot rule out a man-in-the-middle; the user therefore confirms it by transferring an OOB message, which carries a secret nonce and a cryptographic fingerprint of the in-band exchange, so an attacker who substituted its own keys in the in-band messages cannot produce a fingerprint that the other side will accept. Users can transfer the OOB message from the peer to the server, for example when the device is a smart TV that can display a QR code. Alternatively, users can transfer the OOB message from the server to the peer, for example when the device being bootstrapped is a camera that can only read a QR code.
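The binding of the in-band ECDHE exchange to the user-carried OOB message described above, as an added illustration that is not part of the EAP-NOOB specification or of the reference implementation linked from the article. It uses Curve25519 scalar multiplication written out in pure Python from the RFC 7748 ladder so that it runs without third-party libraries. The peer identifier, the exact list of transcript fields hashed into the fingerprint, and the HMAC-based key derivation are simplifications chosen for the example and do not reproduce the draft's message encodings or its HKDF schedule; the direction shown is peer to server (the device displays the OOB message, the user delivers it to the server).

```python
"""Added example: binding an ECDHE exchange to an out-of-band confirmation, EAP-NOOB style.

Simplified for illustration; not the EAP-NOOB reference code and not the draft's
exact message formats or key schedule.
"""
import hashlib
import hmac
import os

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 Montgomery ladder (side-channel hardening deliberately omitted)."""
    k_int = int.from_bytes(k, "little")
    k_int &= ~7                  # clamp: clear the low 3 bits
    k_int &= (1 << 255) - 1      # clear bit 255
    k_int |= 1 << 254            # set bit 254
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k_int >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * ((da - cb) ** 2) % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    """Fresh ephemeral Curve25519 key pair for one bootstrapping run."""
    priv = os.urandom(32)
    return priv, x25519(priv, BASEPOINT)


def fingerprint(peer_id, pk_peer, np, pk_server, ns, noob):
    """Hoob: hash of the in-band transcript as one side saw it, plus the secret nonce Noob.

    Field list is a simplification of the draft's; it truncates to 16 bytes as the draft does.
    """
    return hashlib.sha256(b"|".join([peer_id, pk_peer, np, pk_server, ns, noob])).digest()[:16]


def derive_key(shared, np, ns, noob):
    """Completion key mixing the ECDHE secret, both nonces and Noob (HMAC stands in for HKDF)."""
    return hmac.new(shared, np + ns + noob, hashlib.sha256).digest()


def run_bootstrap(mitm: bool = False) -> dict:
    """One peer-to-server run. With mitm=True an in-band attacker swaps both public keys."""
    peer_id = b"peer-1234"                      # assumed identifier, not a real PeerId format
    peer_priv, peer_pub = keypair()             # peer -> server, in-band
    np = os.urandom(32)
    server_priv, server_pub = keypair()         # server -> peer, in-band
    ns = os.urandom(32)

    if mitm:                                    # attacker relays its own key to each side
        _, mitm_pub = keypair()
        pub_seen_by_server, pub_seen_by_peer = mitm_pub, mitm_pub
    else:
        pub_seen_by_server, pub_seen_by_peer = peer_pub, server_pub

    peer_shared = x25519(peer_priv, pub_seen_by_peer)
    server_shared = x25519(server_priv, pub_seen_by_server)

    # Peer builds (PeerId, Noob, Hoob) from ITS view; the user carries it over the OOB channel.
    noob = os.urandom(16)
    hoob = fingerprint(peer_id, peer_pub, np, pub_seen_by_peer, ns, noob)
    oob_message = (peer_id, noob, hoob)

    # Server recomputes Hoob from ITS view and accepts only if the two views agree.
    rid, rnoob, rhoob = oob_message
    expected = fingerprint(rid, pub_seen_by_server, np, server_pub, ns, rnoob)
    accepted = hmac.compare_digest(expected, rhoob)
    return {
        "accepted": accepted,
        "peer_key": derive_key(peer_shared, np, ns, noob),
        "server_key": derive_key(server_shared, np, ns, rnoob) if accepted else None,
    }


if __name__ == "__main__":
    print("honest run accepted:", run_bootstrap()["accepted"])       # True
    print("MITM run accepted:  ", run_bootstrap(mitm=True)["accepted"])  # False
```

The honest run yields matching keys on both sides; in the attacked run the peer's fingerprint covers the attacker's key where the server's covers the peer's genuine key, so the server rejects the OOB message even though the attacker holds a valid shared secret with each side. The check only helps if the attacker cannot also rewrite the OOB message in transit, which is the trust placed in the OOB channel.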
 
==Encapsulation==