Hi Abhijan, Thank you for the questions.
There is a one-to-one mapping between the EAP server and authenticator. The EAP server is determined by how the authenticator or local AAA server is configured. That is, the local network administrators can route access requests for “@eap-noob.org” to any server they choose. In our own setup, we have configured the RADIUS server at our local wireless network to trust another, remote RADIUS server for NAIs that end “@eap-noob.org”. That remote server handles EAP-NOOB for all the stations in our wireless network. Tuomas P.S. Sorry about the cross-posting. Let’s send the follow-ups only to s...@ietf.org<mailto:s...@ietf.org>. From: Abhijan Bhattacharyya [mailto:abhijan.bhattachar...@tcs.com] Sent: Monday, 15 February, 2016 09:31 To: Mohit Sethi <mohit.m.se...@ericsson.com> Cc: s...@ietf.org; emu@ietf.org; Aura Tuomas <tuomas.a...@aalto.fi>; 'c...@ietf.org' <c...@ietf.org>; 't2...@irtf.org' <t2...@irtf.org> Subject: Re: [saag] Fwd: New Version Notification for draft-aura-eap-noob-00.txt Hi Mohit, I was going through your draft. Looks to be a promising proposition. However, I have got a few questions first hand. The authenticator acts as a transparent node and forwards the packets to the server soon after the first message for EAP Identity request. In a typical network would a single authenticator map to several servers or the assumption is that there is always one to one mapping between server and authenticator? How does the authenticator associate itself to the server at the first place? What is the assumption regarding the underlying physical network and how the authenticator maps to the different nodes in the network (e.g. a router in a WiFi like setup)? Regards Abhijan Bhattacharyya Associate Consultant Scientist, Innovation Lab, Kolkata, India Tata Consultancy Services Mailto: abhijan.bhattachar...@tcs.com<mailto:abhijan.bhattachar...@tcs.com> Website: http://www.tcs.com<http://www.tcs.com/> ____________________________________________ Experience certainty. IT Services Business Solutions Consulting ____________________________________________ From: Mohit Sethi <mohit.m.se...@ericsson.com<mailto:mohit.m.se...@ericsson.com>> To: <s...@ietf.org<mailto:s...@ietf.org>>, <emu@ietf.org<mailto:emu@ietf.org>> Cc: tuomas.a...@aalto.fi<mailto:tuomas.a...@aalto.fi> Date: 02/08/2016 09:10 PM Subject: [saag] Fwd: New Version Notification for draft-aura-eap-noob-00.txt Sent by: "saag" <saag-boun...@ietf.org<mailto:saag-boun...@ietf.org>> ________________________________ Dear all We have just submitted a new IETF Draft titled “Nimble out-of-band authentication for EAP (EAP-NOOB)”. The draft defines an EAP method where the authentication is based on a user-assisted out-of-band (OOB) channel between the server and peer. It is intended as a generic bootstrapping solution for Internet-of-Things devices which have no pre-configured authentication credentials and which are not yet registered on the authentication server. Consider devices you just bought or borrowed. The EAP-NOOB method is more generic than most ad-hoc bootstrapping solutions in that it supports many types of OOB channels. We specify the exact in-band messages but only the OOB message contents and not the OOB channel details. Also, EAP-NOOB supports ubicomp devices with only output (e.g. display) or only input (e.g. camera). Moreover, it makes combined use of both secrecy and integrity of the OOB channel for more robust security than the ad-hoc solutions. We have put a lot of effort into designing a robust security protocol. For one application example, we have used an earlier version of the protocol for bootstrapping security for ubiquitous displays: the user can configure wireless network access, link the device to a cloud service, and register ownership of the device for a specific cloud user – all in one simple step of scanning a QR code with a smart phone. There seemed to more potential to this idea than just using it for our own system, and thus we decided to write a generic EAP method for out-of-band authentication. The draft is available here: https://tools.ietf.org/html/draft-aura-eap-noob-00 Please see if you can make use of it. We look forward to your feedback and comments. Regards /--Mohit -------- Forwarded Message -------- Subject: New Version Notification for draft-aura-eap-noob-00.txt Date: Mon, 08 Feb 2016 04:30:35 -0800 From: internet-dra...@ietf.org<mailto:internet-dra...@ietf.org> To: Tuomas Aura <tuomas.a...@aalto.fi<mailto:tuomas.a...@aalto.fi>>, Mohit Sethi <mo...@piuha.net<mailto:mo...@piuha.net>> A new version of I-D, draft-aura-eap-noob-00.txt has been successfully submitted by Tuomas Aura and posted to the IETF repository. Name: draft-aura-eap-noob Revision: 00 Title: Nimble out-of-band authentication for EAP (EAP-NOOB) Document date: 2016-02-08 Group: Individual Submission Pages: 35 URL:https://www.ietf.org/internet-drafts/draft-aura-eap-noob-00.txt Status:https://datatracker.ietf.org/doc/draft-aura-eap-noob/ Htmlized:https://tools.ietf.org/html/draft-aura-eap-noob-00 Abstract: Extensible Authentication Protocol (EAP) [RFC3748] provides support for multiple authentication methods. This document defines the EAP- NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. This EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have a minimal user interface and no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB channel between the peer device and authentication server. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat _______________________________________________ saag mailing list s...@ietf.org<mailto:s...@ietf.org> https://www.ietf.org/mailman/listinfo/saag =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
