7 Network Working Group L. Blunk
8 Request for Comments: 2284 J. Vollbrecht
9 Category: Standards Track Merit Network, Inc.
15 PPP Extensible Authentication Protocol (EAP)
20 This document specifies an Internet standards track protocol for the
21 Internet community, and requests discussion and suggestions for
22 improvements. Please refer to the current edition of the "Internet
23 Official Protocol Standards" (STD 1) for the standardization state
24 and status of this protocol. Distribution of this memo is unlimited.
28 Copyright (C) The Internet Society (1998). All Rights Reserved.
32 The Point-to-Point Protocol (PPP) [1] provides a standard method for
33 transporting multi-protocol datagrams over point-to-point links.
35 PPP also defines an extensible Link Control Protocol, which allows
36 negotiation of an Authentication Protocol for authenticating its peer
37 before allowing Network Layer protocols to transmit over the link.
39 This document defines the PPP Extensible Authentication Protocol.
43 1. Introduction .......................................... 2
44 1.1 Specification of Requirements ................... 2
45 1.2 Terminology ..................................... 2
46 2. PPP Extensible Authentication Protocol (EAP) .......... 3
47 2.1 Configuration Option Format ..................... 4
48 2.2 Packet Format ................................... 6
49 2.2.1 Request and Response ............................ 6
50 2.2.2 Success and Failure ............................. 7
51 3. Initial EAP Request/Response Types .................... 8
52 3.1 Identity ........................................ 9
53 3.2 Notification .................................... 10
54 3.3 Nak ............................................. 10
58 Blunk & Vollbrecht Standards Track [Page 1]
60 RFC 2284 EAP March 1998
63 3.4 MD5-Challenge ................................... 11
64 3.5 One-Time Password (OTP) ......................... 11
65 3.6 Generic Token Card .............................. 12
66 REFERENCES ................................................... 13
67 ACKNOWLEDGEMENTS ............................................. 14
68 CHAIR'S ADDRESS .............................................. 14
69 AUTHORS' ADDRESSES ........................................... 14
70 Full Copyright Statement ..................................... 15
74 In order to establish communications over a point-to-point link, each
75 end of the PPP link must first send LCP packets to configure the data
76 link during Link Establishment phase. After the link has been
77 established, PPP provides for an optional Authentication phase before
78 proceeding to the Network-Layer Protocol phase.
80 By default, authentication is not mandatory. If authentication of
81 the link is desired, an implementation MUST specify the
82 Authentication-Protocol Configuration Option during Link
85 These authentication protocols are intended for use primarily by
86 hosts and routers that connect to a PPP network server via switched
87 circuits or dial-up lines, but might be applied to dedicated links as
88 well. The server can use the identification of the connecting host
89 or router in the selection of options for network layer negotiations.
91 This document defines the PPP Extensible Authentication Protocol
92 (EAP). The Link Establishment and Authentication phases, and the
93 Authentication-Protocol Configuration Option, are defined in The
94 Point-to-Point Protocol (PPP) [1].
96 1.1. Specification of Requirements
98 In this document, several words are used to signify the requirements
99 of the specification. These words are often capitalized. The key
100 words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
101 "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
102 are to be interpreted as described in RFC 2119 [6].
106 This document frequently uses the following terms:
114 Blunk & Vollbrecht Standards Track [Page 2]
116 RFC 2284 EAP March 1998
120 The end of the link requiring the authentication. The
121 authenticator specifies the authentication protocol to be
122 used in the Configure-Request during Link Establishment
126 The other end of the point-to-point link; the end which is
127 being authenticated by the authenticator.
130 This means the implementation discards the packet without
131 further processing. The implementation SHOULD provide the
132 capability of logging the error, including the contents of
133 the silently discarded packet, and SHOULD record the event
134 in a statistics counter.
137 This is interpreted to be a human readable string of
138 characters, and MUST NOT affect operation of the protocol.
139 The message encoding MUST follow the UTF-8 transformation
142 2. PPP Extensible Authentication Protocol (EAP)
144 The PPP Extensible Authentication Protocol (EAP) is a general
145 protocol for PPP authentication which supports multiple
146 authentication mechanisms. EAP does not select a specific
147 authentication mechanism at Link Control Phase, but rather postpones
148 this until the Authentication Phase. This allows the authenticator
149 to request more information before determining the specific
150 authentication mechanism. This also permits the use of a "back-end"
151 server which actually implements the various mechanisms while the PPP
152 authenticator merely passes through the authentication exchange.
154 1. After the Link Establishment phase is complete, the authenticator
155 sends one or more Requests to authenticate the peer. The Request
156 has a type field to indicate what is being requested. Examples of
157 Request types include Identity, MD5-challenge, One-Time
158 Passwords, Generic Token Card, etc. The MD5-challenge type
159 corresponds closely to the CHAP authentication protocol.
160 Typically, the authenticator will send an initial Identity Request
161 followed by one or more Requests for authentication information.
162 However, an initial Identity Request is not required, and MAY be
163 bypassed in cases where the identity is presumed (leased lines,
164 dedicated dial-ups, etc.).
170 Blunk & Vollbrecht Standards Track [Page 3]
172 RFC 2284 EAP March 1998
175 2. The peer sends a Response packet in reply to each Request. As
176 with the Request packet, the Response packet contains a type field
177 which corresponds to the type field of the Request.
179 3. The authenticator ends the authentication phase with a Success or
184 The EAP protocol can support multiple authentication mechanisms
185 without having to pre-negotiate a particular one during LCP Phase.
187 Certain devices (e.g. a NAS) do not necessarily have to understand
188 each request type and may be able to simply act as a passthrough
189 agent for a "back-end" server on a host. The device only need look
190 for the success/failure code to terminate the authentication phase.
194 EAP does require the addition of a new authentication type to LCP and
195 thus PPP implementations will need to be modified to use it. It also
196 strays from the previous PPP authentication model of negotiating a
197 specific authentication mechanism during LCP.
199 2.1. Configuration Option Format
201 A summary of the Authentication-Protocol Configuration Option format
202 to negotiate the EAP Authentication Protocol is shown below. The
203 fields are transmitted from left to right.
206 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
207 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
208 | Type | Length | Authentication-Protocol |
209 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
220 Authentication-Protocol
222 C227 (Hex) for PPP Extensible Authentication Protocol (EAP)
226 Blunk & Vollbrecht Standards Track [Page 4]
228 RFC 2284 EAP March 1998
233 Exactly one PPP EAP packet is encapsulated in the Information field
234 of a PPP Data Link Layer frame where the protocol field indicates
235 type hex C227 (PPP EAP). A summary of the EAP packet format is shown
236 below. The fields are transmitted from left to right.
239 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
240 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
241 | Code | Identifier | Length |
242 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
249 The Code field is one octet and identifies the type of EAP packet.
250 EAP Codes are assigned as follows:
259 The Identifier field is one octet and aids in matching
260 responses with requests.
264 The Length field is two octets and indicates the length of the
265 EAP packet including the Code, Identifier, Length and Data
266 fields. Octets outside the range of the Length field should
267 be treated as Data Link Layer padding and should be ignored on
272 The Data field is zero or more octets. The format of the Data
273 field is determined by the Code field.
282 Blunk & Vollbrecht Standards Track [Page 5]
284 RFC 2284 EAP March 1998
287 2.2.1. Request and Response
291 The Request packet is sent by the authenticator to the peer. Each
292 Request has a type field which serves to indicate what is being
293 requested. The authenticator MUST transmit an EAP packet with the
294 Code field set to 1 (Request). Additional Request packets MUST be
295 sent until a valid Response packet is received, or an optional
296 retry counter expires. Retransmitted Requests MUST be sent with
297 the same Identifier value in order to distinguish them from new
298 Requests. The contents of the data field is dependent on the
299 Request type. The peer MUST send a Response packet in reply to a
300 Request packet. Responses MUST only be sent in reply to a
301 received Request and never retransmitted on a timer. The
302 Identifier field of the Response MUST match that of the Request.
304 Implementation Note: Because the authentication process will
305 often involve user input, some care must be taken when deciding
306 upon retransmission strategies and authentication timeouts. It
307 is suggested a retransmission timer of 6 seconds with a maximum
308 of 10 retransmissions be used as default. One may wish to make
309 these timeouts longer in certain cases (e.g. where Token Cards
310 are involved). Additionally, the peer must be prepared to
311 silently discard received retransmissions while waiting for
314 A summary of the Request and Response packet format is shown below.
315 The fields are transmitted from left to right.
318 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
319 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
320 | Code | Identifier | Length |
321 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
322 | Type | Type-Data ...
323 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
338 Blunk & Vollbrecht Standards Track [Page 6]
340 RFC 2284 EAP March 1998
345 The Identifier field is one octet. The Identifier field MUST be
346 the same if a Request packet is retransmitted due to a timeout
347 while waiting for a Response. Any new (non-retransmission)
348 Requests MUST modify the Identifier field. If a peer recieves a
349 duplicate Request for which it has already sent a Response, it
350 MUST resend it's Response. If a peer receives a duplicate Request
351 before it has sent a Response to the initial Request (i.e. it's
352 waiting for user input), it MUST silently discard the duplicate
357 The Length field is two octets and indicates the length of the EAP
358 packet including the Code, Identifier, Length, Type, and Type-Data
359 fields. Octets outside the range of the Length field should be
360 treated as Data Link Layer padding and should be ignored on
365 The Type field is one octet. This field indicates the Type of
366 Request or Response. Only one Type MUST be specified per EAP
367 Request or Response. Normally, the Type field of the Response
368 will be the same as the Type of the Request. However, there is
369 also a Nak Response Type for indicating that a Request type is
370 unacceptable to the peer. When sending a Nak in response to a
371 Request, the peer MAY indicate an alternative desired
372 authentication Type which it supports. An initial specification of
373 Types follows in a later section of this document.
377 The Type-Data field varies with the Type of Request and the
380 2.2.2. Success and Failure
384 The Success packet is sent by the authenticator to the peer to
385 acknowledge successful authentication. The authenticator MUST
386 transmit an EAP packet with the Code field set to 3 (Success).
388 If the authenticator cannot authenticate the peer (unacceptable
389 Responses to one or more Requests) then the implementation MUST
390 transmit an EAP packet with the Code field set to 4 (Failure). An
394 Blunk & Vollbrecht Standards Track [Page 7]
396 RFC 2284 EAP March 1998
399 authenticator MAY wish to issue multiple Requests before sending a
400 Failure response in order to allow for human typing mistakes.
402 Implementation Note: Because the Success and Failure packets
403 are not acknowledged, they may be potentially lost. A peer
404 MUST allow for this circumstance. The peer can use a Network
405 Protocol packet as an alternative indication of Success.
406 Likewise, the receipt of a LCP Terminate-Request can be taken
409 A summary of the Success and Failure packet format is shown below.
410 The fields are transmitted from left to right.
413 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
414 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
415 | Code | Identifier | Length |
416 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
427 The Identifier field is one octet and aids in matching replies to
428 Responses. The Identifier field MUST match the Indentifier field
429 of the Response packet that it is sent in response to.
435 3. Initial EAP Request/Response Types
437 This section defines the initial set of EAP Types used in
438 Request/Response exchanges. More Types may be defined in follow-on
439 documents. The Type field is one octet and identifies the structure
440 of an EAP Request or Response packet. The first 3 Types are
441 considered special case Types. The remaining Types define
442 authentication exchanges. The Nak Type is valid only for Response
443 packets, it MUST NOT be sent in a Request. The Nak Type MUST only be
450 Blunk & Vollbrecht Standards Track [Page 8]
452 RFC 2284 EAP March 1998
455 sent in repsonse to a Request which uses an authentication Type code.
456 All EAP implementatins MUST support Types 1-4. These Types, as well
457 as types 5 and 6, are defined in this document. Follow-on RFCs will
458 define additional EAP Types.
462 3 Nak (Response only)
464 5 One-Time Password (OTP) (RFC 1938)
471 The Identity Type is used to query the identity of the peer.
472 Generally, the authenticator will issue this as the initial
473 Request. An optional displayable message MAY be included to
474 prompt the peer in the case where there expectation of interaction
475 with a user. A Response MUST be sent to this Request with a Type
478 Implementation Note: The peer MAY obtain the Identity via user
479 input. It is suggested that the authenticator retry the
480 Indentity Request in the case of an invalid Identity or
481 authentication failure to allow for potential typos on the part
482 of the user. It is suggested that the Identity Request be
483 retried a minimum of 3 times before terminating the
484 authentication phase with a Failure reply. The Notification
485 Request MAY be used to indicate an invalid authentication
486 attempt prior to transmitting a new Identity Request
487 (optionally, the failure MAY be indicated within the message of
488 the new Identity Request itself).
496 This field MAY contain a displayable message in the Request. The
497 Response uses this field to return the Identity. If the Identity
498 is unknown, this field should be zero bytes in length. The field
499 MUST NOT be null terminated. The length of this field is derived
500 from the Length field of the Request/Response packet and hence a
501 null is not required.
506 Blunk & Vollbrecht Standards Track [Page 9]
508 RFC 2284 EAP March 1998
515 The Notification Type is optionally used to convey a displayable
516 message from the authenticator to the peer. The peer SHOULD
517 display this message to the user or log it if it cannot be
518 displayed. It is intended to provide an acknowledged notification
519 of some imperative nature. Examples include a password with an
520 expiration time that is about to expire, an OTP sequence integer
521 which is nearing 0, an authentication failure warning, etc. In
522 most circumstances, notification should not be required.
530 The Type-Data field in the Request contains a displayable message
531 greater than zero octets in length. The length of the message is
532 determined by Length field of the Request packet. The message
533 MUST not be null terminated. A Response MUST be sent in reply to
534 the Request with a Type field of 2 (Notification). The Type-Data
535 field of the Response is zero octets in length. The Response
536 should be sent immediately (independent of how the message is
537 displayed or logged).
543 The Nak Type is valid only in Response messages. It is sent in
544 reply to a Request where the desired authentication Type is
545 unacceptable. Authentication Types are numbered 4 and above.
546 The Response contains the authentication Type desired by the peer.
554 This field MUST contain a single octet indicating the desired
562 Blunk & Vollbrecht Standards Track [Page 10]
564 RFC 2284 EAP March 1998
571 The MD5-Challenge Type is analagous to the PPP CHAP protocol [3]
572 (with MD5 as the specified algorithm). The PPP Challenge
573 Handshake Authentication Protocol RFC [3] should be referred to
574 for further implementation specifics. The Request contains a
575 "challenge" message to the peer. A Repsonse MUST be sent in reply
576 to the Request. The Response MAY be either of Type 4 (MD5-
577 Challenge) or Type 3 (Nak). The Nak reply indicates the peer's
578 desired authentication mechanism Type. All EAP implementations
579 MUST support the MD5-Challenge mechanism.
587 The contents of the Type-Data field is summarized below. For
588 reference on the use of this fields see the PPP Challenge
589 Handshake Authentication Protocol [3].
592 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
593 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
594 | Value-Size | Value ...
595 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
597 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
599 3.5. One-Time Password (OTP)
603 The One-Time Password system is defined in "A One-Time Password
604 System" [4]. The Request contains a displayable message
605 containing an OTP challenge. A Repsonse MUST be sent in reply to
606 the Request. The Response MUST be of Type 5 (OTP) or Type 3
607 (Nak). The Nak reply indicates the peer's desired authentication
618 Blunk & Vollbrecht Standards Track [Page 11]
620 RFC 2284 EAP March 1998
625 The Type-Data field contains the OTP "challenge" as a displayable
626 message in the Request. In the Response, this field is used for
627 the 6 words from the OTP dictionary [4]. The messages MUST not be
628 null terminated. The length of the field is derived from the
629 Length field of the Request/Reply packet.
631 3.6. Generic Token Card
635 The Generic Token Card Type is defined for use with various Token
636 Card implementations which require user input. The Request
637 contains an ASCII text message and the Reply contains the Token
638 Card information necessary for authentication. Typically, this
639 would be information read by a user from the Token card device and
640 entered as ASCII text.
648 The Type-Data field in the Request contains a displayable message
649 greater than zero octets in length. The length of the message is
650 determined by Length field of the Request packet. The message
651 MUST not be null terminated. A Response MUST be sent in reply to
652 the Request with a Type field of 6 (Generic Token Card). The
653 Response contains data from the Token Card required for
654 authentication. The length is of the data is determined by the
655 Length field of the Response packet.
657 Security Considerations
659 Security issues are the primary topic of this RFC.
661 The interaction of the authentication protocols within PPP are highly
662 implementation dependent.
664 For example, upon failure of authentication, some implementations do
665 not terminate the link. Instead, the implementation limits the kind
666 of traffic in the Network-Layer Protocols to a filtered subset, which
667 in turn allows the user opportunity to update secrets or send mail to
668 the network administrator indicating a problem.
674 Blunk & Vollbrecht Standards Track [Page 12]
676 RFC 2284 EAP March 1998
679 There is no provision for retries of failed authentication. However,
680 the LCP state machine can renegotiate the authentication protocol at
681 any time, thus allowing a new attempt. It is recommended that any
682 counters used for authentication failure not be reset until after
683 successful authentication, or subsequent termination of the failed
686 There is no requirement that authentication be full duplex or that
687 the same protocol be used in both directions. It is perfectly
688 acceptable for different protocols to be used in each direction.
689 This will, of course, depend on the specific protocols negotiated.
691 In practice, within or associated with each PPP server, it is not
692 anticipated that a particular named user would be authenticated by
693 multiple methods. This would make the user vulnerable to attacks
694 which negotiate the least secure method from among a set (such as PAP
695 rather than EAP). Instead, for each named user there should be an
696 indication of exactly one method used to authenticate that user name.
697 If a user needs to make use of different authentication methods under
698 different circumstances, then distinct identities SHOULD be employed,
699 each of which identifies exactly one authentication method.
703 [1] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51,
706 [2] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2,
707 RFC 1700, October 1994.
709 [3] Simpson, W., "PPP Challenge Handshake Authentication Protocol
710 (CHAP)", RFC 1994, August 1996.
712 [4] Haller, N. and C. Metz, "A One-Time Password System", RFC 1938,
715 [5] Yergeau, F., "UTF-8, a transformation format of Unicode and ISO
716 10646", RFC 2044, October 1996.
718 [6] Bradner, S., "Key words for use in RFCs to Indicate Requirement
719 Levels", RFC 2119, March 1997.
730 Blunk & Vollbrecht Standards Track [Page 13]
732 RFC 2284 EAP March 1998
737 This protocol derives much of its inspiration from Dave Carrel's AHA
738 draft as well as the PPP CHAP protocol [3]. Bill Simpson provided
739 much of the boilerplate used throughout this document. Al Rubens
740 (Merit) also provided valuable feedback.
744 The working group can be contacted via the current chair:
747 Ascend Communications, Inc.
748 655 Metro Place South, Suite 370
751 EMail: karl@ascend.com
752 Phone: +1 614 760 4041
759 4251 Plymouth Rd., Suite C
769 4251 Plymouth Rd., Suite C
773 Phone: +1-313-763-1206
786 Blunk & Vollbrecht Standards Track [Page 14]
788 RFC 2284 EAP March 1998
791 Full Copyright Statement
793 Copyright (C) The Internet Society (1998). All Rights Reserved.
795 This document and translations of it may be copied and furnished to
796 others, and derivative works that comment on or otherwise explain it
797 or assist in its implementation may be prepared, copied, published
798 and distributed, in whole or in part, without restriction of any
799 kind, provided that the above copyright notice and this paragraph are
800 included on all such copies and derivative works. However, this
801 document itself may not be modified in any way, such as by removing
802 the copyright notice or references to the Internet Society or other
803 Internet organizations, except as needed for the purpose of
804 developing Internet standards in which case the procedures for
805 copyrights defined in the Internet Standards process must be
806 followed, or as required to translate it into languages other than
809 The limited permissions granted above are perpetual and will not be
810 revoked by the Internet Society or its successors or assigns.
812 This document and the information contained herein is provided on an
813 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
814 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
815 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
816 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
817 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
842 Blunk & Vollbrecht Standards Track [Page 15]