The EMU working group has a liaison request from IEEE 802.11u on EAP methods for emergency calls. The liaison request can be found on the liaison statement page, https://datatracker.ietf.org/liaison/ (May 2007). We had a presentation and discussion of this topic at the Chicago EMU meeting. Below is a draft response based on the discussion in the meeting. It would be good to have comments on or approval of the text by Monday, October 1, so a revised response can be created to be sent as a response to the IEEE.
==============================================================

802.11u Liaison response for EAP Methods for Emergency Communications

We have had discussion of EAP methods for emergency services at the last IETF meeting in Chicago. The following is a summary of working group discussion on this topic.

Currently there are no standards track EAP methods that meet the requirements as understood by the EMU working group. There are several possible candidates of existing EAP methods that may meet or be slightly modified to meet some of the 802.11u requirements for emergency services, especially if minimal latency is not the strongest requirement. TTLS (draft-funk-eap-ttls-v0-01.txt) and EAP-FAST (RFC4851) are TLS-based methods that can support server-only authentication. It was also pointed out that EAP-TLS (draft-simon-emu-rfc2716bis-11.txt) could be modified to create a new EAP method that only requires server-side authentication. In order to truly support emergency services these methods would need to forego server certificate validation, which negates much of the security they provide by allowing man-in-the-middle attacks. These TLS-based methods also require a significant number of round trips that may not be acceptable for emergency communication.

There were also several questions raised in the working group during the discussion that might help in further determining the best approach. These are summarized below:

1) It is not clear how to make the tradeoff between security and low latency. If there is no existing trust relationship there are limits as to what security properties can be provided. What security properties are desirable and what is the tolerance for extra round trips for the communication?

2) PSK was described as having worse DOS resistance properties than EAP. It seems that in many cases EAP would have worse DOS resistance than PSK; in which cases is EAP better?

3) It seems that most public access networks already provide an open access network; why couldn't this network be used for emergency communication?

4) What regulatory requirements are driving the need for encryption? This creates some conflicts because encryption without authentication does not satisfy most useful security requirements.

As the 802.11u group is certainly aware, there are other groups within the IETF that are looking at unauthenticated emergency services. In particular, the ECRIT group within the IETF has ongoing work in this area:

http://tools.ietf.org/html/draft-schulzrinne-ecrit-unauthenticated-access-00

We encourage IEEE working group members to continue the discussion with the IETF in the EMU and the ECRIT working groups.