RFC 4793:The EAP Protected One-Time Password Proto...
RFC-Ref

1 - 2 - 3 - 4 - 6 - 8 - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - R - S - T - U - V - W - X

client

Click on the red underlined text to get to the source

1. Introduction
... The basic variant of this method provides client authentication only. This mode is only to be used within a secured tunnel. A more ...


3. Authentication Model
... the EAP server to the EAP client) and establish keying material. ...
... described here: o A client, or "peer", using EAP terminology, acting on behalf of a user possessing an OTP ...
... RADIUS [15] is a typical choice. It is assumed that the EAP client and the peer are located on the same host, and hence only the term ...


4. Description of the EAP-POTP Method
... EAP-Request in the session. (The two exceptions to this are 1) if the client attempted a session resumption that failed and therefore did not evaluate a sent Crypto Algorithm ...
... Crypto Algorithm TLV was part of the initial message from the EAP server, and the client negotiated another EAP-POTP version than the ...
... iterated hashes in the PBKDF2 function. Another is for the client to include a value ("pepper") unknown to the attacker in the hash ...
... TLV with the T bit set. Note that client policy may prohibit PIN-less calculations; in these cases, the client MAY respond with an empty POTP-X ...
... client policy may prohibit PIN-less calculations; in these cases, the client MAY respond with an empty POTP-X EAP response message ...
... integer represents the maximum length (in bits) of a client-generated pepper the server is prepared to search for. Peers MUST NOT generate peppers ...
... EAP server's suggested parameters would result in a lower security than the client's acceptable policy. If the security given by the EAP server ...
... EAP server's provided policy parameters surpasses the security level given by the peer's local policy, the client SHOULD use the server's parameters (subject to reason - active attackers ...
... TLV was part of the initial message from the EAP server, and the client negotiated another EAP- POTP version ...


12. Appendix B. Examples of EAP-POTP Exchanges
... User Identifier TLV. The client is able to reuse an older pepper. The server sends a new pepper for subsequent use in its Confirm TLV. ...
... The server suggests some non-default cryptographic algorithms, but the client only supports the default ones. Peer EAP server ...

1 - 2 - 3 - 4 - 6 - 8 - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - R - S - T - U - V - W - X

Google
Web
RFC-Ref
RFC-Ref.org
Frontpage
Global Index
RFC
Sister Sites
Chess-Ref.org
Law-Ref.org
InChI.info
Zvon.org