1 / 2

draft-badra-eap-double-tls-04.txt

draft-badra-eap-double-tls-04.txt. « EAP-Double-TLS Authentication Protocol » Pascal.Urien@enst.fr. Goal & news. Authentication with shared key, based on the TLS standard resume mode Session-id: client login Master-secret: client shared secret EAP-ID: session-id or session-id@server.com

maddy
Télécharger la présentation

draft-badra-eap-double-tls-04.txt

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. draft-badra-eap-double-tls-04.txt « EAP-Double-TLS Authentication Protocol » Pascal.Urien@enst.fr

  2. Goal & news • Authentication with shared key, based on the TLS standard resume mode • Session-id: client login • Master-secret: client shared secret • EAP-ID: session-id or session-id@server.com • Main idea: Ensuring user’s anonymity • A second TLS handshake or AVP mechanism may be used to modify the tuple (session-id, master-secret) • What is new • Draft clarification • First byte of the SessionID is used as second phase discriminator struct { opaque random_bytes<0..24>; SecondPhaseExchange second_phase_exchange<1..8>; } SessionID; SecondPhaseExchange None = { 0x00 }; SecondPhaseExchange TLS = { 0x01 }; SecondPhaseExchange TLS_RSA_anon = { 0x02 }; SecondPhaseExchange TLS_DH_anon = { 0x03 }; SecondPhaseExchange AVP = { 0x04 };

More Related