Nimble Out-of-Band Authentication for EAP
RFC 9140, “Nimble Out-of-Band Authentication for EAP”, is a Proposed Standard document published in December 2021 by T. Aura, M. Sethi, and A. Peltonen. It has since been updated by RFC 9965. The canonical text is published by the RFC Editor.
Abstract
The Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no preconfigured authentication credentials. The method makes use of a user-assisted, one-directional, out-of-band (OOB) message between the peer device and authentication server to authenticate the in-band key exchange. The device must have a nonnetwork input or output interface, such as a display, microphone, speaker, or blinking light, that can send or receive dynamically generated messages of tens of bytes in length.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9140 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, XML.
- RFC 9139 Information-Centric Networking Adaptation to Low-Power Wireless Personal Area Networks
- RFC 9141 Updating References to the IETF FTP Service
- RFC 9138 Design Considerations for Name Resolution Service in Information-Centric Networking
- RFC 9137 Considerations for Cancellation of IETF Meetings
- RFC 9136 IP Prefix Advertisement in Ethernet VPN
- RFC 9144 Comparison of Network Management Datastore Architecture Datastores
- RFC 9135 Integrated Routing and Bridging in Ethernet VPN
- RFC 9145 Integrity Protection for the Network Service Header and Encryption of Sensitive Context Headers