{
  "draft": "draft-ietf-emu-aka-pfs-12",
  "doc_id": "RFC9678",
  "title": "Forward Secrecy Extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS)",
  "authors": [
    "J. Arkko",
    "K. Norrman",
    "J. Preu\u00df Mattsson"
  ],
  "format": [
    "XML",
    "TEXT",
    "HTML",
    "PDF"
  ],
  "page_count": "25",
  "pub_status": "PROPOSED STANDARD",
  "status": "PROPOSED STANDARD",
  "source": "EAP Method Update",
  "abstract": "This document updates RFC 9048, \"Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA')\", and its predecessor RFC 5448 with an optional extension providing ephemeral key exchange.  The extension EAP-AKA' Forward Secrecy (EAP-AKA' FS), when negotiated, provides forward secrecy for the session keys generated as a part of the authentication run in EAP-AKA'.  This prevents an attacker who has gained access to the long-term key from obtaining session keys established in the past.  In addition, EAP-AKA' FS mitigates passive attacks (e.g., large-scale pervasive monitoring) against future sessions.  This forces attackers to use active attacks instead.",
  "pub_date": "March 2025",
  "keywords": [
    "EAP",
    "AKA",
    "AKA'",
    "EAP-AKA'",
    "EAP-AKA' FS",
    "3GPP"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [
    "RFC5448",
    "RFC9048"
  ],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC9678",
  "errata_url": null
}