draft-kamath-pppext-peapv0-00.txt
来自「linux 下通过802.1认证的安装包」· 文本 代码 · 共 1,141 行 · 第 1/3 页
TXT
1,141 行
TLS finished) ->
<- EAP-Request/
EAP-Type=PEAP, V=0
(TLS change_cipher_spec,
TLS finished)
EAP-Response/
EAP-Type=PEAP, V=0 ->
TLS channel established
(messages sent within the TLS channel)
Kamath, Palekar & Wodrich Informational [Page 13]
INTERNET-DRAFT PEAP Version 0 25 October 2002
<- EAP-Request/
Identity
EAP-Response/
Identity (MyID) ->
<- EAP-Request/
EAP-Type=X
EAP-Response/
EAP-Type=X or NAK ->
<- EAP-Request/
EAP-Type=X
EAP-Response/
EAP-Type=X ->
<- EAP-Request/
EAP-Type=Extensions
Result=Failure
EAP-Response/
EAP-Type=Extensions
Result=Failure ->
(TLS session cache entry flushed)
TLS channel torn down
(messages sent in clear-text)
<- EAP-Failure
In the case where server authentication is unsuccessful in PEAP Part 1,
the conversation will appear as follows:
Authenticating Peer Authenticator
------------------- -------------
<- EAP-Request/
Identity
EAP-Response/
Identity (MyID) ->
<- EAP-Request/
EAP-Type=PEAP, V=0
(PEAP Start)
EAP-Response/
EAP-Type=PEAP, V=0
(TLS client_hello)->
<- EAP-Request/
EAP-Type=PEAP, V=0
(TLS server_hello,
TLS certificate,
[TLS server_key_exchange,]
TLS server_hello_done)
EAP-Response/
Kamath, Palekar & Wodrich Informational [Page 14]
INTERNET-DRAFT PEAP Version 0 25 October 2002
EAP-Type=PEAP, V=0
(TLS client_key_exchange,
[TLS certificate_verify,]
TLS change_cipher_spec,
TLS finished) ->
<- EAP-Request/
EAP-Type=PEAP, V=0
(TLS change_cipher_spec,
TLS finished)
EAP-Response/
EAP-Type=PEAP, V=0
(TLS change_cipher_spec,
TLS finished)
<- EAP-Request/
EAP-Type=PEAP, V=0
EAP-Response/
EAP-Type=PEAP, V=0
(TLS Alert message) ->
<- EAP-Failure
(TLS session cache entry flushed)
In the case where a previously established session is being resumed,
the EAP server supports TLS session cache
flushing for unsuccessful PEAP Part 2 authentications and both sides
authenticate successfully, the conversation
will appear as follows:
Authenticating Peer Authenticator
------------------- -------------
<- EAP-Request/
Identity
EAP-Response/
Identity (MyID) ->
<- EAP-Request/
EAP-Type=PEAP,V=0
(PEAP Start)
EAP-Response/
EAP-Type=PEAP, V=0
(TLS client_hello)->
<- EAP-Request/
EAP-Type=PEAP, V=0
(TLS server_hello,
TLS change_cipher_spec
TLS finished)
EAP-Response/
EAP-Type=PEAP, V=0
(TLS change_cipher_spec,
Kamath, Palekar & Wodrich Informational [Page 15]
INTERNET-DRAFT PEAP Version 0 25 October 2002
TLS finished) ->
<- EAP-Request/
EAP-Type=Extensions
Result=Success
EAP-Response/
EAP-Type=Extensions
Result=Success ->
TLS channel torn down
(messages sent in clear-text)
<- EAP-Success
In the case where a previously established session is being resumed, and the
server authenticates to the client successfully
but the client fails to authenticate to the server, the conversation
will appear as follows:
Authenticating Peer Authenticator
------------------- -------------
<- EAP-Request/
Identity
EAP-Response/
Identity (MyID) ->
<- EAP-Request/
EAP-Request/
EAP-Type=PEAP, V=0
(TLS Start)
EAP-Response/
EAP-Type=PEAP, V=0
(TLS client_hello) ->
<- EAP-Request/
EAP-Type=PEAP, V=0
(TLS server_hello,
TLS change_cipher_spec,
TLS finished)
EAP-Response/
EAP-Type=PEAP, V=0
(TLS change_cipher_spec,
TLS finished) ->
<- EAP-Request
EAP-Type=PEAP, V=0
(TLS Alert message)
EAP-Response
EAP-Type=PEAP, V=0 ->
<- EAP-Failure
(TLS session cache entry flushed)
In the case where a previously established session is being resumed,
Kamath, Palekar & Wodrich Informational [Page 16]
INTERNET-DRAFT PEAP Version 0 25 October 2002
and the server authentication is unsuccessful,
the conversation will appear as follows:
Authenticating Peer Authenticator
------------------- -------------
<- EAP-Request/
Identity
EAP-Response/
Identity (MyID) ->
<- EAP-Request/
EAP-Request/
EAP-Type=PEAP, V=0
(TLS Start)
EAP-Response/
EAP-Type=PEAP, V=0
(TLS client_hello)->
<- EAP-Request/
EAP-Type=PEAP, V=0
(TLS server_hello,
TLS change_cipher_spec,
TLS finished)
EAP-Response/
EAP-Type=PEAP, V=0
(TLS change_cipher_spec,
TLS finished)
<- EAP-Request/
EAP-Type=PEAP, V=0
EAP-Response/
EAP-Type=PEAP, V=0
(TLS Alert message) ->
(TLS session cache entry flushed)
<- EAP-Failure
In the case where the peer and authenticator have mismatched PEAP versions
(e.g. the peer has a pre-standard implementation
with version 0, and the authenticator has a Version 1 implementation,
but the authentication is unsuccessful, the conversation will occur as follows:
Authenticating Peer Authenticator
------------------- -------------
<- EAP-Request/
Identity
EAP-Response/
Identity (MyID) ->
<- EAP-Request/
EAP-Request/
EAP-Type=PEAP, V=1
Kamath, Palekar & Wodrich Informational [Page 17]
INTERNET-DRAFT PEAP Version 0 25 October 2002
(TLS Start)
EAP-Response/
EAP-Type=PEAP, V=0
(TLS client_hello)->
<- EAP-Request/
EAP-Type=PEAP, V=0
(TLS server_hello,
TLS change_cipher_spec,
TLS finished)
EAP-Response/
EAP-Type=PEAP, V=0
(TLS change_cipher_spec,
TLS finished)
<- EAP-Request/
EAP-Type=PEAP, V=0
EAP-Response/
EAP-Type=PEAP, V=0
(TLS Alert message) ->
(TLS session cache entry flushed)
<- EAP-Failure
Acknowledgments
Thanks to Narendra Gidwani of Microsoft for useful discussions of this
problem space.
Author Addresses
Vivek Kamath
Ashwin Palekar
Mark Wodrich
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
Phone: +1 425 882 8080
EMail: {vivek, ashwinp, markwo}@microsoft.com
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to pertain
to the implementation or use of the technology described in this
document or the extent to which any license under such rights might or
might not be available; neither does it represent that it has made any
effort to identify any such rights. Information on the IETF's
procedures with respect to rights in standards-track and standards-
Kamath, Palekar & Wodrich Informational [Page 18]
INTERNET-DRAFT PEAP Version 0 25 October 2002
related documentation can be found in BCP-11. Copies of claims of
rights made available for publication and any assurances of licenses to
be made available, or the result of an attempt made to obtain a general
license or permission for the use of such proprietary rights by
implementors or users of this specification can be obtained from the
IETF Secretariat.
The IETF invites any interested Party to bring to its attention any
copyrights, patents or patent applications, or other proprietary rights
which may cover technology that may be required to practice this
standard. Please address the information to the IETF Executive
Director.
Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and
distributed, in whole or in Part, without restriction of any kind,
provided that the above copyright notice and this paragraph are included
on all such copies and derivative works. However, this document itself
may not be modified in any way, such as by removing the copyright notice
or references to the Internet Society or other Internet organizations,
except as needed for the purpose of developing Internet standards in
which case the procedures for copyrights defined in the Internet
Standards process must be followed, or as required to translate it into
languages other than English. The limited permissions granted above are
perpetual and will not be revoked by the Internet Society or its
successors or assigns. This document and the information contained
herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
Expiration Date
This memo is filed as <draft-kamath-pppext-peapv0-00.txt>, and expires
April 23, 2002.
Kamath, Palekar & Wodrich Informational [Page 19]
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?