EMU                                                          L. Yan, Ed.
Internet-Draft                                                    Huawei
Intended status: Standards Track                            4 March 2024
Expires: 5 September 2024


             EAP Multiple Pre-Shared Keys (EAP-MPSK) Method
                   draft-yan-emu-eap-multiple-psk-00

Abstract

   This document defines an Extensible Authentication Protocol (EAP)
   method for supporting the negotiation of a PSK among multiple PSKs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 5 September 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.







Yan                     Expires 5 September 2024                [Page 1]

Internet-Draft                  EAP-MPSK                      March 2024


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
     1.2.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   3
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   3
   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   3
     5.1.  Normative References  . . . . . . . . . . . . . . . . . .   3
     5.2.  Informative References  . . . . . . . . . . . . . . . . .   4
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   4
   Contributors  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   4

1.  Introduction

   The existing PSK-based EAP methods, EAP-GPSK [RFC5433], EAP-PSK
   [RFC4764], EAP-SAKE [RFC4763] and EAP-PAX [RFC4746], assumed that
   only one PSK had been configured for the EAP peer and server.  A
   single PSK does not provide perfect forward secrecy [RFC5433].
   Compromise of the PSK leads to compromise of recorded past sessions.
   Moreover, compromise of the PSK enables the attacker to impersonate
   the peer and the server, and it allows the adversary to compromise
   future sessions.  One solution is to use multiple PSKs between the
   EAP peer and server.

   Traditional manual configuration of PSKs lacks automation and is less
   efficient.  Currently, there are some new manners of configuring PSKs
   more efficiently.  Quantum keys generated by a quantum network can be
   automatically obtained through a network and configured as PSKs.  In
   the mobile communication scenario, plenty of quantum keys can be
   offline implanted into mobile terminals.  In the post-quantum
   scenario, each communication peer is typically assumed to have a list
   of post-quantum PSKs [RFC8784].  If there are ample PSKs, using each
   PSK only once will provide perfect forward secrecy.  Moreover, the
   attacker cannot impersonate the peer and the server by compromising a
   used PSK; one PSK's compromise will not influence future sessions.













Yan                     Expires 5 September 2024                [Page 2]

Internet-Draft                  EAP-MPSK                      March 2024


   Furthermore, the issue of PSK identity collisions should be
   considered when managing multiple PSKs.  PSKs can be configured in
   different manners, for example, through traditional manual
   configuration or obtained through quantum key generators.  The PSK
   identities in different configuration methods usually do not have a
   unified plan.  Thus, it is possible that a PSK identity may clash
   with another PSK identity configured in a different manner.  Even
   obtained from different quantum key generators, the PSKs' identity
   may have a collision.  Thus, multiple PSKs should be managed by
   category.

   This document modifies the EAP-GPSK to support the negotiation of a
   PSK among multiple PSKs.

1.1.  Terminology

1.2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Overview

3.  Security Considerations

4.  IANA Considerations

5.  References

5.1.  Normative References

   [RFC5433]  Clancy, T. and H. Tschofenig, "Extensible Authentication
              Protocol - Generalized Pre-Shared Key (EAP-GPSK) Method",
              RFC 5433, DOI 10.17487/RFC5433, February 2009,
              <https://www.rfc-editor.org/rfc/rfc5433>.

   [RFC8784]  Fluhrer, S., Kampanakis, P., McGrew, D., and V. Smyslov,
              "Mixing Preshared Keys in the Internet Key Exchange
              Protocol Version 2 (IKEv2) for Post-quantum Security",
              RFC 8784, DOI 10.17487/RFC8784, June 2020,
              <https://www.rfc-editor.org/rfc/rfc8784>.







Yan                     Expires 5 September 2024                [Page 3]

Internet-Draft                  EAP-MPSK                      March 2024


   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

5.2.  Informative References

   [RFC4746]  Clancy, T. and W. Arbaugh, "Extensible Authentication
              Protocol (EAP) Password Authenticated Exchange", RFC 4746,
              DOI 10.17487/RFC4746, November 2006,
              <https://www.rfc-editor.org/rfc/rfc4746>.

   [RFC4764]  Bersani, F. and H. Tschofenig, "The EAP-PSK Protocol: A
              Pre-Shared Key Extensible Authentication Protocol (EAP)
              Method", RFC 4764, DOI 10.17487/RFC4764, January 2007,
              <https://www.rfc-editor.org/rfc/rfc4764>.

   [RFC4763]  Vanderveen, M. and H. Soliman, "Extensible Authentication
              Protocol Method for Shared-secret Authentication and Key
              Establishment (EAP-SAKE)", RFC 4763, DOI 10.17487/RFC4763,
              November 2006, <https://www.rfc-editor.org/rfc/rfc4763>.

Acknowledgements

Contributors

Author's Address

   Lei YAN (editor)
   Huawei
   Ruanjiandadao Road
   Nanjing
   210000
   China
   Email: ray.yanlei@huawei.com












Yan                     Expires 5 September 2024                [Page 4]