📄 rfc2716.txt
字号:
RFC 2716 PPP EAP TLS Authentication Protocol October 1999 TLS certificate_verify, TLS change_cipher_spec, TLS finished) -> <- PPP EAP-Request/ EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished) PPP EAP-Response/ EAP-Type=EAP-TLS -> <- PPP EAP-Request EAP-Type=EAP-TLS (TLS Alert message) PPP EAP-Response/ EAP-Type=EAP-TLS -> <- PPP EAP-Failure (User Disconnected) In the case where server authentication is unsuccessful, the conversation will appear as follows: Authenticating Peer Authenticator ------------------- ------------- <- PPP LCP Request-EAP auth PPP LCP ACK-EAP auth -> <- PPP EAP-Request/ Identity PPP EAP-Response/ Identity (MyID) -> <- PPP EAP-Request/ EAP-Type=EAP-TLS (TLS Start) PPP EAP-Response/ EAP-Type=EAP-TLS (TLS client_hello)-> <- PPP EAP-Request/ EAP-Type=EAP-TLS (TLS server_hello, TLS certificate, [TLS server_key_exchange,] [TLS certificate_request,] TLS server_hello_done) PPP EAP-Response/ EAP-Type=EAP-TLS (TLS certificate, TLS client_key_exchange, [TLS certificate_verify,]Aboba & Simon Experimental [Page 13]
RFC 2716 PPP EAP TLS Authentication Protocol October 1999 TLS change_cipher_spec, TLS finished) -> <- PPP EAP-Request/ EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished) PPP EAP-Response/ EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished) <- PPP EAP-Request/ EAP-Type=EAP-TLS PPP EAP-Response/ EAP-Type=EAP-TLS (TLS Alert message) -> <- PPP EAP-Failure (User Disconnected) In the case where a previously established session is being resumed, and both sides authenticate successfully, the conversation will appear as follows: Authenticating Peer Authenticator ------------------- ------------- <- PPP LCP Request-EAP auth PPP LCP ACK-EAP auth -> <- PPP EAP-Request/ Identity PPP EAP-Response/ Identity (MyID) -> <- PPP EAP-Request/ EAP-Request/ EAP-Type=EAP-TLS (TLS Start) PPP EAP-Response/ EAP-Type=EAP-TLS (TLS client_hello)-> <- PPP EAP-Request/ EAP-Type=EAP-TLS (TLS server_hello, TLS change_cipher_spec TLS finished)Aboba & Simon Experimental [Page 14]
RFC 2716 PPP EAP TLS Authentication Protocol October 1999 PPP EAP-Response/ EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished) -> <- PPP EAP-Success PPP Authentication Phase complete, NCP Phase starts ECP negotiation CCP negotiation In the case where a previously established session is being resumed, and the server authenticates to the client successfully but the client fails to authenticate to the server, the conversation will appear as follows: Authenticating Peer Authenticator ------------------- ------------- <- PPP LCP Request-EAP auth PPP LCP ACK-EAP auth -> <- PPP EAP-Request/ Identity PPP EAP-Response/ Identity (MyID) -> <- PPP EAP-Request/ EAP-Request/ EAP-Type=EAP-TLS (TLS Start) PPP EAP-Response/ EAP-Type=EAP-TLS (TLS client_hello) -> <- PPP EAP-Request/ EAP-Type=EAP-TLS (TLS server_hello, TLS change_cipher_spec, TLS finished) PPP EA-Response/ EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished) -> <- PPP EAP-Request EAP-Type=EAP-TLS (TLS Alert message)Aboba & Simon Experimental [Page 15]
RFC 2716 PPP EAP TLS Authentication Protocol October 1999 PPP EAP-Response EAP-Type=EAP-TLS -> <- PPP EAP-Failure (User Disconnected) In the case where a previously established session is being resumed, and the server authentication is unsuccessful, the conversation will appear as follows: Authenticating Peer Authenticator ------------------- ------------- <- PPP LCP Request-EAP auth PPP LCP ACK-EAP auth -> <- PPP EAP-Request/ Identity PPP EAP-Response/ Identity (MyID) -> <- PPP EAP-Request/ EAP-Request/ EAP-Type=EAP-TLS (TLS Start) PPP EAP-Response/ EAP-Type=EAP-TLS (TLS client_hello)-> <- PPP EAP-Request/ EAP-Type=EAP-TLS (TLS server_hello, TLS change_cipher_spec, TLS finished) PPP EAP-Response/ EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished) <- PPP EAP-Request/ EAP-Type=EAP-TLS PPP EAP-Response/ EAP-Type=EAP-TLS (TLS Alert message) -> <- PPP EAP-Failure (User Disconnected)Aboba & Simon Experimental [Page 16]
RFC 2716 PPP EAP TLS Authentication Protocol October 19994. Detailed description of the EAP-TLS protocol4.1. PPP EAP TLS Packet Format A summary of the PPP EAP TLS Request/Response packet format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Code | Identifier | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Data... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Code 1 - Request 2 - Response Identifier The identifier field is one octet and aids in matching responses with requests. Length The Length field is two octets and indicates the length of the EAP packet including the Code, Identifier, Length, Type, and Data fields. Octets outside the range of the Length field should be treated as Data Link Layer padding and should be ignored on reception. Type 13 - EAP TLS Data The format of the Data field is determined by the Code field.Aboba & Simon Experimental [Page 17]
RFC 2716 PPP EAP TLS Authentication Protocol October 19994.2. PPP EAP TLS Request Packet A summary of the PPP EAP TLS Request packet format is shown below. The fields are transmitted from left to right. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Code | Identifier | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Flags | TLS Message Length +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TLS Message Length | TLS Data... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Code 1 Identifier The Identifier field is one octet and aids in matching responses with requests. The Identifier field MUST be changed on each Request packet. Length The Length field is two octets and indicates the length of the EAP packet including the Code, Identifier, Length, Type, and TLS Response fields. Type 13 - EAP TLS Flags 0 1 2 3 4 5 6 7 8 +-+-+-+-+-+-+-+-+ |L M S R R R R R| +-+-+-+-+-+-+-+-+ L = Length included M = More fragments S = EAP-TLS start R = ReservedAboba & Simon Experimental [Page 18]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -