1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
|
Extensible Authentication Protocol (EAP) Registry
(last updated 2008-11-26)
Registries included below:
- Packet Codes
- EAP Initiate and Finish Attributes
- Method Types
- EAP-FAST TLV Types
- EAP-FAST Error-TLV Error-Codes
- EAP-FAST Request-Action TLV Action Code
- Message Types
- Re-authentication Cryptosuites
- EAP-TTLS AVP Usage
Registry Name: Packet Codes
Reference: [RFC3748]
Registration Procedure: Standards Action
Registry:
Value Description Reference
------- ------------------------ ---------
1 Request [RFC3748]
2 Response [RFC3748]
3 Success [RFC3748]
4 Failure [RFC3748]
5 Initiate [RFC5296]
6 Finish [RFC5296]
7-255 Unassigned
Registry Name: EAP Initiate and Finish Attributes
Reference: [RFC5296]
Registration Procedures: IETF Consensus
Registry:
Type Description Payload Type Reference
------- -------------------------- ------------ ---------
0 Reserved [RFC5296]
1 keyName-NAI TLV [RFC5296]
2 rRK Lifetime TV [RFC5296]
3 rMSK Lifetime TV [RFC5296]
4 Domain name TLV [RFC5296]
5 Cryptosuite list TLV [RFC5296]
6 Authorization Indication TLV [RFC5296]
7-127 Unassigned
128 Called-Station-Id TLV [RFC5296]
129 Calling-Station-Id TLV [RFC5296]
130 NAS-Identifier TLV [RFC5296]
131 NAS-IP-Address TLV [RFC5296]
132 NAS-IPv6-Address TLV [RFC5296]
133-191 Unassigned
192-255 Reserved for Private Use [RFC5296]
Registry Name: Method Types
Reference: [RFC3748]
Range Registration Procedures Notes
--------------- ------------------------------------------------- --------------------
1-191 Designated Expert with Specification Required
192-253 Standards Action
256-4294967295 Designated Expert with Specification Required See note '*'.
* Allocated after 1-191, on the advice of a designated expert, with specification required.
(Expert-EAP Working Group Chair or person designated by EAP Chair)
Registry:
Value Description Reference
-------------- ---------------------------------------------- ---------
0 Reserved
1 Identity [RFC3748]
2 Notification [RFC3748]
3 Legacy Nak [RFC3748]
4 MD5-Challenge [RFC3748]
5 One-Time Password (OTP) [RFC3748]
6 Generic Token Card (GTC) [RFC3748]
7 Allocated [RFC3748]
8 Allocated [RFC3748]
9 RSA Public Key Authentication [Whelan]
10 DSS Unilateral [Nace]
11 KEA [Nace]
12 KEA-VALIDATE [Nace]
13 EAP-TLS [Aboba]
14 Defender Token (AXENT) [Rosselli]
15 RSA Security SecurID EAP [Nyström]
16 Arcot Systems EAP [Jerdonek]
17 EAP-Cisco Wireless [Norman]
18 GSM Subscriber Identity Modules (EAP-SIM) [RFC4186]
19 SRP-SHA1 [Carlson]
20 Unassigned
21 EAP-TTLS [RFC5281]
22 Remote Access Service [Fields]
23 EAP-AKA Authentication [RFC4187]
24 EAP-3Com Wireless [Young]
25 PEAP [Palekar]
26 MS-EAP-Authentication [Palekar]
27 Mutual Authentication w/Key Exchange (MAKE) [Berrendonner]
28 CRYPTOCard [Webb]
29 EAP-MSCHAP-V2 [Potter]
30 DynamID [Merlin]
31 Rob EAP [Ullah]
32 Protected One-Time Password [RFC4793][Nystrom]
33 MS-Authentication-TLV [Palekar]
34 SentriNET [Kelleher]
35 EAP-Actiontec Wireless [Chang]
36 Cogent Systems Biometrics Authentication EAP [Xiong]
37 AirFortress EAP [Hibbard]
38 EAP-HTTP Digest [Tavakoli]
39 SecureSuite EAP [Clements]
40 DeviceConnect EAP [Pitard]
41 EAP-SPEKE [Zick]
42 EAP-MOBAC [Rixom]
43 EAP-FAST [RFC4851]
44 ZoneLabs EAP (ZLXEAP) [Bogue]
45 EAP-Link [Zick]
46 EAP-PAX [Clancy]
47 EAP-PSK [RFC4764]
48 EAP-SAKE [RFC4763]
49 EAP-IKEv2 [RFC5106]
50 EAP-AKA' [RFC-arkko-eap-aka-kdf-10.txt]
51-191 Unassigned [RFC3748]
192-253 Unassigned [RFC3748]
254 Reserved for the Expanded Type [RFC3748]
255 Experimental [RFC3748]
256-4294967295 Unassigned
Registry Name: EAP-FAST TLV Types (Value 43)
Reference: [RFC4851]
Registration Procedure: Specification Required
Registry:
Value Description Reference
------ ------------------------------ ---------
0 Reserved [RFC4851]
1 Reserved [RFC4851]
2 Reserved [RFC4851]
3 Result TLV [RFC4851]
4 NAK TLV [RFC4851]
5 Error TLV [RFC4851]
7 Vendor-Specific TLV [RFC4851]
9 EAP-Payload TLV [RFC4851]
10 Intermediate-Result TLV [RFC4851]
11 PAC TLV [draft-cam-winget-eap-fast-provisioning]
12 Crypto-Binding TLV [RFC4851]
18 Server-Trusted-Root TLV [draft-cam-winget-eap-fast-provisioning]
19 Request-Action TLV [RFC4851]
20 PKCS#7 TLV [draft-cam-winget-eap-fast-provisioning]
Sub-registry: EAP-FAST (value 43) Error-TLV (value 5) Error-Codes
Reference: [RFC4851]
Registration Procedure: Specification Required
Registry:
Value Description Reference
---------- ---------------------------------- ---------
2001 Tunnel_Compromise_Error [RFC4851]
2002 Unexpected_TLVs_Exchanged [RFC4851]
Sub-registry: EAP-FAST (value 43) Request-Action TLV (value 19) Action Codes
Reference: [RFC4851]
Registration Procedure: Specification Required
Registry:
Value Description Reference
---------- ---------------------------------- ---------
1 Process-TLV [RFC4851]
2 Negotiate-EAP [RFC4851]
Registry Name: Message Types
Reference: [RFC5296]
Registration Procedures: IETF Consensus
Registry:
Value Description Reference
------- ---------------------------------------------- ---------
0 Reserved [RFC5296]
1 Re-auth-Start, applies to Initiate Code only [RFC5296]
2 Re-auth, applies to Initiate and Finish Codes [RFC5296]
3-191 Unassigned
192-255 Reserved for Private Use [RFC5296]
Registry Name: Re-authentication Cryptosuites
Reference: [RFC5296]
Registration Procedures: IETF Consensus
Registry:
Value Description Reference
------- ---------------------------------------------- ---------
0 Reserved [RFC5296]
1 HMAC-SHA256-64 [RFC5296]
2 HMAC-SHA256-128 [RFC5296]
3 HMAC-SHA256-256 [RFC5296]
4-191 Unassigned
192-255 Reserved for Private Use [RFC5296]
Registry Name: EAP-TTLS AVP Usage
Reference: [RFC5281]
Registration Procedures: IETF Consensus
Note: The following table lists whether the AVP may appear in a
packet from server to client ("Request") and/or in a packet from
client to server ("Response"), and whether the AVP MUST be
implemented ("MI").
Registry:
Name Request Response MI Reference
----------------- ------- -------- -- ---------
User-Name X [RFC5281]
User-Password X [RFC5281]
CHAP-Password X [RFC5281]
Reply-Message X [RFC5281]
CHAP-Challenge X [RFC5281]
EAP-Message X X X [RFC5281]
MS-CHAP-Response X [RFC5281]
MS-CHAP-Error X [RFC5281]
MS-CHAP-NT-Enc-PW X [RFC5281]
MS-CHAP-Domain X [RFC5281]
MS-CHAP-Challenge X [RFC5281]
MS-CHAP2-Response X [RFC5281]
MS-CHAP2-Success X [RFC5281]
MS-CHAP2-CPW X [RFC5281]
References
----------
[RFC3748] L. Blunk, J. Vollbrecht, B. Aboba, J. Carlson, H. Levkowetz, Ed.
"Extensible Authentication Protocol (EAP)", RFC 3748, June 2004.
[RFC4186] H. Haverinen, Ed. and J. Salowey, Ed., "Extensible Authentication
Protocol Method for GSM Subscriber Identity Modules (EAP-SIM)",
RFC 4186, January 2006.
[RFC4187] J. Arkko and H. Haverinen, "Extensible Authentication Protocol
Method for UMTS Authentication and Key Agreement (EAP-AKA)",
RFC 4187, January 2006.
[RFC4763] M. Vanderveen and H. Soliman, "Extensible Authentication Protocol
Method for Shared-secret Authentication and Key Establishment (EAP-SAKE)",
RFC 4763, November 2006.
[RFC4764] F. Bersani and H. Tschofenig, "The EAP-PSK Protocol: a Pre-Shared
Key EAP Method", RFC 4764, January 2007.
[RFC4793] M. Nystrom, "The Protected One-Time Password Protocol (EAP-POTP)",
RFC 4793, February 2007.
[RFC4851] N. Cam-Winget, D. McGrew, J. Salowey and H. Zhou, "The Flexible
Authentication via Secure Tunneling Extensible Authentication Protocol
Method (EAP-FAST)", RFC 4851, May 2007.
[draft-cam-winget-eap-fast-provisioning]
Cam-Winget, N., "Dynamic Provisioning using EAP-FAST",
(work in progress), January 2007.
[RFC5106] H. Tschofenig, D. Kroeselberg, A. Pashalidis, Y. Ohba, F. Bersani,
"EAP-IKEv2 Method", RFC 5106, January 2008.
[RFC5216] D. Simon, B. Aboba, R. Hurst, "The EAP TLS Authentication Protocol",
RFC 5216, March 2008.
[RFC5296] V. Narayanan, L. Dondeti, "EAP Extensions for EAP Re-authentication
Protocol (ERP)", RFC 5296, August 2008.
[RFC5281] P. Funk, S. Blake-Wilson, "EAP Tunneled TLS Authentication Protocol
Version 0 (EAP-TTLSv0)", RFC 5281, August 2008.
[RFC-arkko-eap-aka-kdf-10.txt]
J. Arkko, V. Lehtovirta, P. Eronen, "Improved Extensible Authentication
Protocol Method for 3rd Generation Authentication and Key Agreement
(EAP-AKA')", RFC XXXX, Month Year.
People
------
[Berrendonner] Romain Berrendonner, <romain.berrendonner&sagem.com>, December 2001.
[Bogue] Darrin Bogue, <dbogue&zonelabs.com>, February 2004.
[Carlson] James Carlson, <james.d.carlson&east.sun.com>, January 1998,
June 1999, February 2001.
[Chang] Victor Chang, <vchang&actiontec.com>, June 2002.
[Clancy] T. Charles Clancy, <clancy&cs.umd.edu>, June 2005.
[Clements] Matt Clements, <matt&iosoftware.com>, February 2003.
[Fields] Steven Fields, <sfields&identix.com>, November 2001.
[Haverinen] Henry Haverinen, <henry.haverinen&nokia.com>, November 2000,
December 2001.
[Hibbard] Richard Hibbard, <rhibbard&fortresstech.com>, February 2003.
[Jerdonek] Rob Jerdonek, <rob&arcot.com>, May 2000.
[Josefsson] Simon Josefsson, <sjosefsson&rsasecurity.com>, March 2002.
[Kelleher] Joe Kelleher, <joe.kelleher&informer.co.uk>, April 2002.
[Merlin] Pascal Merlin, <pmerlin&scrypto.fr>, January 2002.
[Nace] William Nace, <wanace&missi.ncsc.mil>, December 1997
[Norman] Stuart Norman, <snorm&cisco.com>, November 2000.
[Nyström] Magnus Nyström, <magnus&rsasecurity.com>, 11 April 2006.
[Palekar] Ashwin Palekar, <ashwinpµsoft.com>, December 2001, April 2002.
[Pitard] David Pitard, <david_pitard&phoenix.com>, February 2003.
[Potter] Darran Potter, <dpotter&cisco.com>, January 2002.
[Rixom] Tom Rixom, <tom.rixom&alfa-ariss.com>, May 2003.
[Rosselli] Michael Rosselli, <mrosselli&axent.com>, January 1998.
[Tavakoli] Oliver K. Tavakoli, <radagast&funk.com>, February 2003.
[Ullah] Sana Ullah, <palash78&globalctg.net>, February 2002.
[Webb] Stephen M. Webb, <stephenw&cryptocard.com>, January 2002.
[Whelan] William Whelan, <bwhelan&nei.com>, December 1997.
[Xiong] John Xiong, <johnxiong&cogentsystems.com>, June 2002.
[Young] Albert Young, <albert_young&3com.com>, December 2001.
[Zick] Don Zick, <dzick&interlinknetworks.com>, February 2003, April 2004.
(registry created 2004-04-09)
[]
|
