Network Working Group                                          L. BlunkRequest for Comments: 2284                                J. VollbrechtCategory: Standards Track                           Merit Network, Inc.                                                             March 1998              PPP Extensible Authentication Protocol (EAP)Status of this Memo   This document specifies an Internet standards track protocol for the   Internet community, and requests discussion and suggestions for   improvements.  Please refer to the current edition of the "Internet   Official Protocol Standards" (STD 1) for the standardization state   and status of this protocol.  Distribution of this memo is unlimited.Copyright Notice   Copyright (C) The Internet Society (1998).  All Rights Reserved.Abstract   The Point-to-Point Protocol (PPP) [1] provides a standard method for   transporting multi-protocol datagrams over point-to-point links.   PPP also defines an extensible Link Control Protocol, which allows   negotiation of an Authentication Protocol for authenticating its peer   before allowing Network Layer protocols to transmit over the link.   This document defines the PPP Extensible Authentication Protocol.Table of Contents   1.     Introduction ..........................................    2      1.1       Specification of Requirements ...................    2      1.2       Terminology .....................................    2   2.     PPP Extensible Authentication Protocol (EAP) ..........    3      2.1       Configuration Option Format .....................    4      2.2       Packet Format ...................................    6         2.2.1  Request and Response ............................    6         2.2.2  Success and Failure .............................    7   3.     Initial EAP Request/Response Types ....................    8      3.1       Identity ........................................    9      3.2       Notification ....................................   10      3.3       Nak .............................................   10Blunk & Vollbrecht          Standards Track                     [Page 1]RFC 2284                          EAP                         March 1998      3.4       MD5-Challenge ...................................   11      3.5       One-Time Password (OTP) .........................   11      3.6       Generic Token Card ..............................   12   REFERENCES ...................................................   13   ACKNOWLEDGEMENTS .............................................   14   CHAIR'S ADDRESS ..............................................   14   AUTHORS' ADDRESSES ...........................................   14   Full Copyright Statement .....................................   151.  Introduction   In order to establish communications over a point-to-point link, each   end of the PPP link must first send LCP packets to configure the data   link during Link Establishment phase.  After the link has been   established, PPP provides for an optional Authentication phase before   proceeding to the Network-Layer Protocol phase.   By default, authentication is not mandatory.  If authentication of   the link is desired, an implementation MUST specify the   Authentication-Protocol Configuration Option during Link   Establishment phase.   These authentication protocols are intended for use primarily by   hosts and routers that connect to a PPP network server via switched   circuits or dial-up lines, but might be applied to dedicated links as   well.  The server can use the identification of the connecting host   or router in the selection of options for network layer negotiations.   This document defines the PPP Extensible Authentication Protocol   (EAP).  The Link Establishment and Authentication phases, and the   Authentication-Protocol Configuration Option, are defined in The   Point-to-Point Protocol (PPP) [1].1.1.  Specification of Requirements   In this document, several words are used to signify the requirements   of the specification.  These words are often capitalized.  The key   words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",   "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this document   are to be interpreted as described in RFC 2119 [6].1.2.  Terminology   This document frequently uses the following terms:Blunk & Vollbrecht          Standards Track                     [Page 2]RFC 2284                          EAP                         March 1998   authenticator             The end of the link requiring the authentication.  The             authenticator specifies the authentication protocol to be             used in the Configure-Request during Link Establishment             phase.   peer             The other end of the point-to-point link; the end which is             being authenticated by the authenticator.   silently discard             This means the implementation discards the packet without             further processing.  The implementation SHOULD provide the             capability of logging the error, including the contents of             the silently discarded packet, and SHOULD record the event             in a statistics counter.   displayable message             This is interpreted to be a human readable string of             characters, and MUST NOT affect operation of the protocol.             The message encoding MUST follow the UTF-8 transformation             format [5].2.  PPP Extensible Authentication Protocol (EAP)   The PPP Extensible Authentication Protocol (EAP)  is a general   protocol for PPP authentication which supports multiple   authentication mechanisms.  EAP does not select a specific   authentication mechanism at Link Control Phase, but rather postpones   this until the Authentication Phase.  This allows the authenticator   to request more information before determining the specific   authentication mechanism.  This also permits the use of a "back-end"   server which actually implements the various mechanisms while the PPP   authenticator merely passes through the authentication exchange.   1. After the Link Establishment phase is complete, the authenticator      sends one or more Requests to authenticate the peer.  The Request      has a type field to indicate what is being requested.  Examples of      Request types include Identity,  MD5-challenge, One-Time      Passwords, Generic Token Card, etc.  The MD5-challenge type      corresponds closely to the CHAP authentication protocol.      Typically, the authenticator will send an initial Identity Request      followed by one or more Requests for authentication information.      However, an initial Identity Request is not required, and MAY be      bypassed in cases where the identity is presumed (leased lines,      dedicated dial-ups, etc.).Blunk & Vollbrecht          Standards Track                     [Page 3]RFC 2284                          EAP                         March 1998   2. The peer sends a Response packet in reply to each Request.  As      with the Request packet, the Response packet contains a type field      which corresponds to the type field of the Request.   3. The authenticator ends the authentication phase with a Success or      Failure packet.Advantages   The EAP protocol can support multiple authentication mechanisms   without having to pre-negotiate a particular one during LCP Phase.   Certain devices (e.g. a NAS) do not necessarily have to understand   each request type and may be able to simply act as a passthrough   agent for a "back-end" server on a host.  The device only need look   for the success/failure code to terminate the authentication phase.Disadvantages   EAP does require the addition of a new authentication type to LCP and   thus PPP implementations will need to be modified to use it.  It also   strays from the previous PPP authentication model of negotiating a   specific authentication mechanism during LCP.2.1.  Configuration Option Format   A summary of the Authentication-Protocol Configuration Option format   to negotiate the EAP Authentication Protocol is shown below.  The   fields are transmitted from left to right.    0                   1                   2                   3    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   |     Type      |    Length     |     Authentication-Protocol   |   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   Type      3   Length      4   Authentication-Protocol      C227 (Hex) for PPP Extensible Authentication Protocol (EAP)Blunk & Vollbrecht          Standards Track                     [Page 4]RFC 2284                          EAP                         March 19982.2.  Packet Format   Exactly one PPP EAP packet is encapsulated in the Information field   of a PPP Data Link Layer frame where the protocol field indicates   type hex C227 (PPP EAP).  A summary of the EAP packet format is shown   below.  The fields are transmitted from left to right.    0                   1                   2                   3    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   |     Code      |  Identifier   |            Length             |   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   |    Data ...   +-+-+-+-+   Code      The Code field is one octet and identifies the type of EAP packet.      EAP Codes are assigned as follows:         1       Request         2       Response         3       Success         4       Failure   Identifier          The Identifier field is one octet and aids in matching          responses with requests.   Length          The Length field is two octets and indicates the length of the          EAP packet including the Code, Identifier, Length and Data          fields.  Octets outside the range of the Length field should          be treated as Data Link Layer padding and should be ignored on          reception.   Data          The Data field is zero or more octets.  The format of the Data          field is determined by the Code field.Blunk & Vollbrecht          Standards Track                     [Page 5]RFC 2284                          EAP                         March 19982.2.1.  Request and Response   Description      The Request packet is sent by the authenticator to the peer.  Each      Request has a type field which serves to indicate what is being      requested.  The authenticator MUST transmit an EAP packet with the      Code field set to 1 (Request).  Additional Request packets MUST be      sent until a valid Response packet is received, or an optional      retry counter expires.  Retransmitted Requests MUST be sent with      the same Identifier value in order to distinguish them from new      Requests.  The contents of the data field is dependent on the      Request type.  The peer MUST send a Response packet in reply to a      Request packet.  Responses MUST only be sent in reply to a      received Request and never retransmitted on a timer.  The      Identifier field of the Response MUST match that of the Request.         Implementation Note: Because the authentication process will         often involve user input, some care must be taken when deciding         upon retransmission strategies and authentication timeouts.  It         is suggested a retransmission timer of 6 seconds with a maximum         of 10 retransmissions be used as default.  One may wish to make         these timeouts longer in certain cases (e.g. where Token Cards         are involved).  Additionally, the peer must be prepared to         silently discard received retransmissions while waiting for         user input.   A summary of the Request and Response packet format is shown below.   The fields are transmitted from left to right.    0                   1                   2                   3    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   |     Code      |  Identifier   |            Length             |   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   |     Type      |  Type-Data ...   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-   Code      1 for Request;      2 for Response.Blunk & Vollbrecht          Standards Track                     [Page 6]RFC 2284                          EAP                         March 1998   Identifier      The Identifier field is one octet.  The Identifier field MUST be      the same if a Request packet is retransmitted due to a timeout      while waiting for a Response.  Any new (non-retransmission)      Requests MUST modify the Identifier field.  If a peer recieves a      duplicate Request for which it has already sent a Response, it      MUST resend it's Response.  If a peer receives a duplicate Request      before it has sent a Response to the initial Request (i.e. it's      waiting for user input), it MUST silently discard the duplicate      Request.   Length      The Length field is two octets and indicates the length of the EAP      packet including the Code, Identifier, Length, Type, and Type-Data      fields.  Octets outside the range of the Length field should be      treated as Data Link Layer padding and should be ignored on      reception.   Type      The Type field is one octet.  This field indicates the Type of      Request or Response.  Only one Type MUST be specified per EAP      Request or Response.  Normally, the Type field of the Response      will be the same as the Type of the Request.  However, there is      also a Nak Response Type for indicating that a Request type is      unacceptable to the peer.  When sending a Nak in response to a      Request, the peer MAY indicate an alternative desired      authentication Type which it supports. An initial specification of      Types follows in a later section of this document.   Type-Data      The Type-Data field varies with the Type of Request and the      associated Response.2.2.2.  Success and Failure   Description      The Success packet is sent by the authenticator to the peer to      acknowledge successful authentication.  The authenticator MUST      transmit an EAP packet with the Code field set to 3 (Success).      If the authenticator cannot authenticate the peer (unacceptable      Responses to one or more Requests) then the implementation MUST      transmit an EAP packet with the Code field set to 4 (Failure).  AnBlunk & Vollbrecht          Standards Track                     [Page 7]RFC 2284                          EAP                         March 1998      authenticator MAY wish to issue multiple Requests before sending a      Failure response in order to allow for human typing mistakes.         Implementation Note: Because the Success and Failure packets         are not acknowledged, they may be potentially lost.  A peer         MUST allow for this circumstance.  The peer can use a Network         Protocol packet as an alternative indication of Success.         Likewise, the receipt of a LCP Terminate-Request can be taken         as a Failure.   A summary of the Success and Failure packet format is shown below.   The fields are transmitted from left to right.    0                   1                   2                   3    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   |     Code      |  Identifier   |            Length             |   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   Code      3 for Success;