Appendix B. Major Differences from EAP-FAST
Dieser Abschnitt bewahrt den RFC-Text fuer TEAPv1, einschliesslich TLS tunnel establishment, tunneled authentication, TLV formats, cryptographic calculations, IANA registries, security considerations und examples.
Appendix B. Major Differences from EAP-FAST
This document is a new standard tunnel EAP method based on revision
of EAP-FAST version 1 [RFC4851] that contains improved flexibility,
particularly for negotiation of cryptographic algorithms. The major
changes are:
1. The EAP method name has been changed from EAP-FAST to TEAP; this
change thus requires that a new EAP Type be assigned.
2. This version of TEAP MUST support TLS 1.2 [RFC5246]. TLS 1.1 and
earlier MUST NOT be used with TEAP.
3. The key derivation now makes use of TLS keying material exporters
[RFC5705] and the PRF and hash function negotiated in TLS. This
is to simplify implementation and better support cryptographic
algorithm agility.
4. TEAP is in full conformance with the SessionTicket extension
[RFC5077].
5. Support is provided for passing optional Outer TLVs in the first
two message exchanges, in addition to the Authority-ID TLV data
in EAP-FAST.
6. Basic password authentication on the TLV level has been added in
addition to the existing inner EAP method.
7. Additional TLV types have been defined to support EAP channel
binding and metadata. They are the Identity-Type TLV and
Channel-Binding TLVs, defined in Section 4.2.