| rfc9820v4.txt | rfc9820.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) R. Marin-Lopez | Internet Engineering Task Force (IETF) R. Marin-Lopez | |||
| Request for Comments: 9820 University of Murcia | Request for Comments: 9820 University of Murcia | |||
| Category: Standards Track D. Garcia-Carrillo | Category: Standards Track D. Garcia-Carrillo | |||
| ISSN: 2070-1721 University of Oviedo | ISSN: 2070-1721 University of Oviedo | |||
| August 2025 | September 2025 | |||
| Authentication Service Based on the Extensible Authentication Protocol | Authentication Service Based on the Extensible Authentication Protocol | |||
| (EAP) for Use with the Constrained Application Protocol (CoAP) | (EAP) for Use with the Constrained Application Protocol (CoAP) | |||
| Abstract | Abstract | |||
| This document specifies an authentication service that uses the | This document specifies an authentication service that uses the | |||
| Constrained Application Protocol (CoAP) as a transport method to | Constrained Application Protocol (CoAP) as a transport method to | |||
| carry the Extensible Authentication Protocol (EAP). As such, it | carry the Extensible Authentication Protocol (EAP). As such, it | |||
| defines an EAP lower layer based on CoAP called "CoAP-EAP". One of | defines an EAP lower layer based on CoAP called "CoAP-EAP". One of | |||
| skipping to change at line 194 ¶ | skipping to change at line 194 ¶ | |||
| backend AAA infrastructure when EAP pass-through mode is used, which | backend AAA infrastructure when EAP pass-through mode is used, which | |||
| will place the EAP server in the AAA server that contains the | will place the EAP server in the AAA server that contains the | |||
| information required to authenticate the EAP peer. | information required to authenticate the EAP peer. | |||
| The protocol stack is described in Figure 2. CoAP-EAP is an | The protocol stack is described in Figure 2. CoAP-EAP is an | |||
| application built on top of CoAP. On top of the application, there | application built on top of CoAP. On top of the application, there | |||
| is an EAP state machine that can run any EAP method. In the case of | is an EAP state machine that can run any EAP method. In the case of | |||
| this specification, the EAP method MUST support key derivation and | this specification, the EAP method MUST support key derivation and | |||
| export as specified in [RFC5247]: an MSK of at least 64 octets and an | export as specified in [RFC5247]: an MSK of at least 64 octets and an | |||
| Extended Master Session Key (EMSK) of at least 64 octets. CoAP-EAP | Extended Master Session Key (EMSK) of at least 64 octets. CoAP-EAP | |||
| also relies on CoAP reliability mechanisms in CoAP to transport EAP: | also relies on CoAP reliability mechanisms to transport EAP: CoAP | |||
| CoAP over UDP with Confirmable messages [RFC7252] or CoAP over TCP, | over UDP with Confirmable messages [RFC7252] or CoAP over TCP, TLS, | |||
| TLS, or WebSockets [RFC8323]. | or WebSockets [RFC8323]. | |||
| +--------+ +--------------+ +----------+ | +--------+ +--------------+ +----------+ | |||
| | EAP | | EAP | | AAA/ | | | EAP | | EAP | | AAA/ | | |||
| | peer |<------>| authenticator|<----------->|EAP server| | | peer |<------>| authenticator|<----------->|EAP server| | |||
| +--------+ CoAP +--------------+ AAA +----------+ | +--------+ CoAP +--------------+ AAA +----------+ | |||
| (optional) | (optional) | |||
| <---- SCOPE OF THIS DOCUMENT ----> | <---- SCOPE OF THIS DOCUMENT ----> | |||
| Figure 1: CoAP-EAP Architecture | Figure 1: CoAP-EAP Architecture | |||
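Review bot: in the reworded sentence ("also relies on CoAP reliability mechanisms to transport EAP"), the transport requirement is still stated descriptively, while the key-export requirement immediately above it uses MUST. If Confirmable messages are required whenever CoAP-EAP runs over UDP, consider saying so normatively at this point or referring to the section that does, so an implementer reading only this paragraph does not treat the listed transports as examples. The removal of the duplicated "in CoAP" and the resulting rewrap of the following two lines look correct and change nothing else.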
| End of changes. 2 change blocks. | ||||
| 4 lines changed or deleted | 4 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||