1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
|
Network Working Group L. Blunk
Request for Comments: 2284 J. Vollbrecht
Category: Standards Track Merit Network, Inc.
March 1998
PPP Extensible Authentication Protocol (EAP)
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
Abstract
The Point-to-Point Protocol (PPP) [1] provides a standard method for
transporting multi-protocol datagrams over point-to-point links.
PPP also defines an extensible Link Control Protocol, which allows
negotiation of an Authentication Protocol for authenticating its peer
before allowing Network Layer protocols to transmit over the link.
This document defines the PPP Extensible Authentication Protocol.
Table of Contents
1. Introduction .......................................... 2
1.1 Specification of Requirements ................... 2
1.2 Terminology ..................................... 2
2. PPP Extensible Authentication Protocol (EAP) .......... 3
2.1 Configuration Option Format ..................... 4
2.2 Packet Format ................................... 6
2.2.1 Request and Response ............................ 6
2.2.2 Success and Failure ............................. 7
3. Initial EAP Request/Response Types .................... 8
3.1 Identity ........................................ 9
3.2 Notification .................................... 10
3.3 Nak ............................................. 10
Blunk & Vollbrecht Standards Track [Page 1]
^L
RFC 2284 EAP March 1998
3.4 MD5-Challenge ................................... 11
3.5 One-Time Password (OTP) ......................... 11
3.6 Generic Token Card .............................. 12
REFERENCES ................................................... 13
ACKNOWLEDGEMENTS ............................................. 14
CHAIR'S ADDRESS .............................................. 14
AUTHORS' ADDRESSES ........................................... 14
Full Copyright Statement ..................................... 15
1. Introduction
In order to establish communications over a point-to-point link, each
end of the PPP link must first send LCP packets to configure the data
link during Link Establishment phase. After the link has been
established, PPP provides for an optional Authentication phase before
proceeding to the Network-Layer Protocol phase.
By default, authentication is not mandatory. If authentication of
the link is desired, an implementation MUST specify the
Authentication-Protocol Configuration Option during Link
Establishment phase.
These authentication protocols are intended for use primarily by
hosts and routers that connect to a PPP network server via switched
circuits or dial-up lines, but might be applied to dedicated links as
well. The server can use the identification of the connecting host
or router in the selection of options for network layer negotiations.
This document defines the PPP Extensible Authentication Protocol
(EAP). The Link Establishment and Authentication phases, and the
Authentication-Protocol Configuration Option, are defined in The
Point-to-Point Protocol (PPP) [1].
1.1. Specification of Requirements
In this document, several words are used to signify the requirements
of the specification. These words are often capitalized. The key
words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
are to be interpreted as described in RFC 2119 [6].
1.2. Terminology
This document frequently uses the following terms:
Blunk & Vollbrecht Standards Track [Page 2]
^L
RFC 2284 EAP March 1998
authenticator
The end of the link requiring the authentication. The
authenticator specifies the authentication protocol to be
used in the Configure-Request during Link Establishment
phase.
peer
The other end of the point-to-point link; the end which is
being authenticated by the authenticator.
silently discard
This means the implementation discards the packet without
further processing. The implementation SHOULD provide the
capability of logging the error, including the contents of
the silently discarded packet, and SHOULD record the event
in a statistics counter.
displayable message
This is interpreted to be a human readable string of
characters, and MUST NOT affect operation of the protocol.
The message encoding MUST follow the UTF-8 transformation
format [5].
2. PPP Extensible Authentication Protocol (EAP)
The PPP Extensible Authentication Protocol (EAP) is a general
protocol for PPP authentication which supports multiple
authentication mechanisms. EAP does not select a specific
authentication mechanism at Link Control Phase, but rather postpones
this until the Authentication Phase. This allows the authenticator
to request more information before determining the specific
authentication mechanism. This also permits the use of a "back-end"
server which actually implements the various mechanisms while the PPP
authenticator merely passes through the authentication exchange.
1. After the Link Establishment phase is complete, the authenticator
sends one or more Requests to authenticate the peer. The Request
has a type field to indicate what is being requested. Examples of
Request types include Identity, MD5-challenge, One-Time
Passwords, Generic Token Card, etc. The MD5-challenge type
corresponds closely to the CHAP authentication protocol.
Typically, the authenticator will send an initial Identity Request
followed by one or more Requests for authentication information.
However, an initial Identity Request is not required, and MAY be
bypassed in cases where the identity is presumed (leased lines,
dedicated dial-ups, etc.).
Blunk & Vollbrecht Standards Track [Page 3]
^L
RFC 2284 EAP March 1998
2. The peer sends a Response packet in reply to each Request. As
with the Request packet, the Response packet contains a type field
which corresponds to the type field of the Request.
3. The authenticator ends the authentication phase with a Success or
Failure packet.
Advantages
The EAP protocol can support multiple authentication mechanisms
without having to pre-negotiate a particular one during LCP Phase.
Certain devices (e.g. a NAS) do not necessarily have to understand
each request type and may be able to simply act as a passthrough
agent for a "back-end" server on a host. The device only need look
for the success/failure code to terminate the authentication phase.
Disadvantages
EAP does require the addition of a new authentication type to LCP and
thus PPP implementations will need to be modified to use it. It also
strays from the previous PPP authentication model of negotiating a
specific authentication mechanism during LCP.
2.1. Configuration Option Format
A summary of the Authentication-Protocol Configuration Option format
to negotiate the EAP Authentication Protocol is shown below. The
fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Authentication-Protocol |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
3
Length
4
Authentication-Protocol
C227 (Hex) for PPP Extensible Authentication Protocol (EAP)
Blunk & Vollbrecht Standards Track [Page 4]
^L
RFC 2284 EAP March 1998
2.2. Packet Format
Exactly one PPP EAP packet is encapsulated in the Information field
of a PPP Data Link Layer frame where the protocol field indicates
type hex C227 (PPP EAP). A summary of the EAP packet format is shown
below. The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ...
+-+-+-+-+
Code
The Code field is one octet and identifies the type of EAP packet.
EAP Codes are assigned as follows:
1 Request
2 Response
3 Success
4 Failure
Identifier
The Identifier field is one octet and aids in matching
responses with requests.
Length
The Length field is two octets and indicates the length of the
EAP packet including the Code, Identifier, Length and Data
fields. Octets outside the range of the Length field should
be treated as Data Link Layer padding and should be ignored on
reception.
Data
The Data field is zero or more octets. The format of the Data
field is determined by the Code field.
Blunk & Vollbrecht Standards Track [Page 5]
^L
RFC 2284 EAP March 1998
2.2.1. Request and Response
Description
The Request packet is sent by the authenticator to the peer. Each
Request has a type field which serves to indicate what is being
requested. The authenticator MUST transmit an EAP packet with the
Code field set to 1 (Request). Additional Request packets MUST be
sent until a valid Response packet is received, or an optional
retry counter expires. Retransmitted Requests MUST be sent with
the same Identifier value in order to distinguish them from new
Requests. The contents of the data field is dependent on the
Request type. The peer MUST send a Response packet in reply to a
Request packet. Responses MUST only be sent in reply to a
received Request and never retransmitted on a timer. The
Identifier field of the Response MUST match that of the Request.
Implementation Note: Because the authentication process will
often involve user input, some care must be taken when deciding
upon retransmission strategies and authentication timeouts. It
is suggested a retransmission timer of 6 seconds with a maximum
of 10 retransmissions be used as default. One may wish to make
these timeouts longer in certain cases (e.g. where Token Cards
are involved). Additionally, the peer must be prepared to
silently discard received retransmissions while waiting for
user input.
A summary of the Request and Response packet format is shown below.
The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Type-Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Code
1 for Request;
2 for Response.
Blunk & Vollbrecht Standards Track [Page 6]
^L
RFC 2284 EAP March 1998
Identifier
The Identifier field is one octet. The Identifier field MUST be
the same if a Request packet is retransmitted due to a timeout
while waiting for a Response. Any new (non-retransmission)
Requests MUST modify the Identifier field. If a peer recieves a
duplicate Request for which it has already sent a Response, it
MUST resend it's Response. If a peer receives a duplicate Request
before it has sent a Response to the initial Request (i.e. it's
waiting for user input), it MUST silently discard the duplicate
Request.
Length
The Length field is two octets and indicates the length of the EAP
packet including the Code, Identifier, Length, Type, and Type-Data
fields. Octets outside the range of the Length field should be
treated as Data Link Layer padding and should be ignored on
reception.
Type
The Type field is one octet. This field indicates the Type of
Request or Response. Only one Type MUST be specified per EAP
Request or Response. Normally, the Type field of the Response
will be the same as the Type of the Request. However, there is
also a Nak Response Type for indicating that a Request type is
unacceptable to the peer. When sending a Nak in response to a
Request, the peer MAY indicate an alternative desired
authentication Type which it supports. An initial specification of
Types follows in a later section of this document.
Type-Data
The Type-Data field varies with the Type of Request and the
associated Response.
2.2.2. Success and Failure
Description
The Success packet is sent by the authenticator to the peer to
acknowledge successful authentication. The authenticator MUST
transmit an EAP packet with the Code field set to 3 (Success).
If the authenticator cannot authenticate the peer (unacceptable
Responses to one or more Requests) then the implementation MUST
transmit an EAP packet with the Code field set to 4 (Failure). An
Blunk & Vollbrecht Standards Track [Page 7]
^L
RFC 2284 EAP March 1998
authenticator MAY wish to issue multiple Requests before sending a
Failure response in order to allow for human typing mistakes.
Implementation Note: Because the Success and Failure packets
are not acknowledged, they may be potentially lost. A peer
MUST allow for this circumstance. The peer can use a Network
Protocol packet as an alternative indication of Success.
Likewise, the receipt of a LCP Terminate-Request can be taken
as a Failure.
A summary of the Success and Failure packet format is shown below.
The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Code
3 for Success;
4 for Failure.
Identifier
The Identifier field is one octet and aids in matching replies to
Responses. The Identifier field MUST match the Indentifier field
of the Response packet that it is sent in response to.
Length
4
3. Initial EAP Request/Response Types
This section defines the initial set of EAP Types used in
Request/Response exchanges. More Types may be defined in follow-on
documents. The Type field is one octet and identifies the structure
of an EAP Request or Response packet. The first 3 Types are
considered special case Types. The remaining Types define
authentication exchanges. The Nak Type is valid only for Response
packets, it MUST NOT be sent in a Request. The Nak Type MUST only be
Blunk & Vollbrecht Standards Track [Page 8]
^L
RFC 2284 EAP March 1998
sent in repsonse to a Request which uses an authentication Type code.
All EAP implementatins MUST support Types 1-4. These Types, as well
as types 5 and 6, are defined in this document. Follow-on RFCs will
define additional EAP Types.
1 Identity
2 Notification
3 Nak (Response only)
4 MD5-Challenge
5 One-Time Password (OTP) (RFC 1938)
6 Generic Token Card
3.1. Identity
Description
The Identity Type is used to query the identity of the peer.
Generally, the authenticator will issue this as the initial
Request. An optional displayable message MAY be included to
prompt the peer in the case where there expectation of interaction
with a user. A Response MUST be sent to this Request with a Type
of 1 (Identity).
Implementation Note: The peer MAY obtain the Identity via user
input. It is suggested that the authenticator retry the
Indentity Request in the case of an invalid Identity or
authentication failure to allow for potential typos on the part
of the user. It is suggested that the Identity Request be
retried a minimum of 3 times before terminating the
authentication phase with a Failure reply. The Notification
Request MAY be used to indicate an invalid authentication
attempt prior to transmitting a new Identity Request
(optionally, the failure MAY be indicated within the message of
the new Identity Request itself).
Type
1
Type-Data
This field MAY contain a displayable message in the Request. The
Response uses this field to return the Identity. If the Identity
is unknown, this field should be zero bytes in length. The field
MUST NOT be null terminated. The length of this field is derived
from the Length field of the Request/Response packet and hence a
null is not required.
Blunk & Vollbrecht Standards Track [Page 9]
^L
RFC 2284 EAP March 1998
3.2. Notification
Description
The Notification Type is optionally used to convey a displayable
message from the authenticator to the peer. The peer SHOULD
display this message to the user or log it if it cannot be
displayed. It is intended to provide an acknowledged notification
of some imperative nature. Examples include a password with an
expiration time that is about to expire, an OTP sequence integer
which is nearing 0, an authentication failure warning, etc. In
most circumstances, notification should not be required.
Type
2
Type-Data
The Type-Data field in the Request contains a displayable message
greater than zero octets in length. The length of the message is
determined by Length field of the Request packet. The message
MUST not be null terminated. A Response MUST be sent in reply to
the Request with a Type field of 2 (Notification). The Type-Data
field of the Response is zero octets in length. The Response
should be sent immediately (independent of how the message is
displayed or logged).
3.3. Nak
Description
The Nak Type is valid only in Response messages. It is sent in
reply to a Request where the desired authentication Type is
unacceptable. Authentication Types are numbered 4 and above.
The Response contains the authentication Type desired by the peer.
Type
3
Type-Data
This field MUST contain a single octet indicating the desired
authentication type.
Blunk & Vollbrecht Standards Track [Page 10]
^L
RFC 2284 EAP March 1998
3.4. MD5-Challenge
Description
The MD5-Challenge Type is analagous to the PPP CHAP protocol [3]
(with MD5 as the specified algorithm). The PPP Challenge
Handshake Authentication Protocol RFC [3] should be referred to
for further implementation specifics. The Request contains a
"challenge" message to the peer. A Repsonse MUST be sent in reply
to the Request. The Response MAY be either of Type 4 (MD5-
Challenge) or Type 3 (Nak). The Nak reply indicates the peer's
desired authentication mechanism Type. All EAP implementations
MUST support the MD5-Challenge mechanism.
Type
4
Type-Data
The contents of the Type-Data field is summarized below. For
reference on the use of this fields see the PPP Challenge
Handshake Authentication Protocol [3].
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value-Size | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Name ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
3.5. One-Time Password (OTP)
Description
The One-Time Password system is defined in "A One-Time Password
System" [4]. The Request contains a displayable message
containing an OTP challenge. A Repsonse MUST be sent in reply to
the Request. The Response MUST be of Type 5 (OTP) or Type 3
(Nak). The Nak reply indicates the peer's desired authentication
mechanism Type.
Type
5
Blunk & Vollbrecht Standards Track [Page 11]
^L
RFC 2284 EAP March 1998
Type-Data
The Type-Data field contains the OTP "challenge" as a displayable
message in the Request. In the Response, this field is used for
the 6 words from the OTP dictionary [4]. The messages MUST not be
null terminated. The length of the field is derived from the
Length field of the Request/Reply packet.
3.6. Generic Token Card
Description
The Generic Token Card Type is defined for use with various Token
Card implementations which require user input. The Request
contains an ASCII text message and the Reply contains the Token
Card information necessary for authentication. Typically, this
would be information read by a user from the Token card device and
entered as ASCII text.
Type
6
Type-Data
The Type-Data field in the Request contains a displayable message
greater than zero octets in length. The length of the message is
determined by Length field of the Request packet. The message
MUST not be null terminated. A Response MUST be sent in reply to
the Request with a Type field of 6 (Generic Token Card). The
Response contains data from the Token Card required for
authentication. The length is of the data is determined by the
Length field of the Response packet.
Security Considerations
Security issues are the primary topic of this RFC.
The interaction of the authentication protocols within PPP are highly
implementation dependent.
For example, upon failure of authentication, some implementations do
not terminate the link. Instead, the implementation limits the kind
of traffic in the Network-Layer Protocols to a filtered subset, which
in turn allows the user opportunity to update secrets or send mail to
the network administrator indicating a problem.
Blunk & Vollbrecht Standards Track [Page 12]
^L
RFC 2284 EAP March 1998
There is no provision for retries of failed authentication. However,
the LCP state machine can renegotiate the authentication protocol at
any time, thus allowing a new attempt. It is recommended that any
counters used for authentication failure not be reset until after
successful authentication, or subsequent termination of the failed
link.
There is no requirement that authentication be full duplex or that
the same protocol be used in both directions. It is perfectly
acceptable for different protocols to be used in each direction.
This will, of course, depend on the specific protocols negotiated.
In practice, within or associated with each PPP server, it is not
anticipated that a particular named user would be authenticated by
multiple methods. This would make the user vulnerable to attacks
which negotiate the least secure method from among a set (such as PAP
rather than EAP). Instead, for each named user there should be an
indication of exactly one method used to authenticate that user name.
If a user needs to make use of different authentication methods under
different circumstances, then distinct identities SHOULD be employed,
each of which identifies exactly one authentication method.
References
[1] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51,
RFC 1661, July 1994.
[2] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2,
RFC 1700, October 1994.
[3] Simpson, W., "PPP Challenge Handshake Authentication Protocol
(CHAP)", RFC 1994, August 1996.
[4] Haller, N. and C. Metz, "A One-Time Password System", RFC 1938,
May 1996.
[5] Yergeau, F., "UTF-8, a transformation format of Unicode and ISO
10646", RFC 2044, October 1996.
[6] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March 1997.
Blunk & Vollbrecht Standards Track [Page 13]
^L
RFC 2284 EAP March 1998
Acknowledgments
This protocol derives much of its inspiration from Dave Carrel's AHA
draft as well as the PPP CHAP protocol [3]. Bill Simpson provided
much of the boilerplate used throughout this document. Al Rubens
(Merit) also provided valuable feedback.
Chair's Address
The working group can be contacted via the current chair:
Karl F. Fox
Ascend Communications, Inc.
655 Metro Place South, Suite 370
Dublin, Ohio 43017
EMail: karl@ascend.com
Phone: +1 614 760 4041
Fax: +1 614 760 4050
Authors' Addresses
Larry J. Blunk
Merit Network, Inc.
4251 Plymouth Rd., Suite C
Ann Arbor, MI 48105
EMail: ljb@merit.edu
Phone: 734-763-6056
FAX: 734-647-3185
John R. Vollbrecht
Merit Network, Inc.
4251 Plymouth Rd., Suite C
Ann Arbor, MI 48105
EMail: jrv@merit.edu
Phone: +1-313-763-1206
FAX: +1-734-647-3185
Blunk & Vollbrecht Standards Track [Page 14]
^L
RFC 2284 EAP March 1998
Full Copyright Statement
Copyright (C) The Internet Society (1998). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Blunk & Vollbrecht Standards Track [Page 15]
^L
|