I think this a significant I-D which could be, in a few years, be the way in which security is done in the Internet. But I also think it understates its achievements in the Abstract and that it may be inaccessible to those who would use it, those who are not also security experts. The Abstract refers to an approach 'which has various performance benefits'. Rather, I think that is solves a - the? - problem of Internet security, that encryption is easy and authentication is difficult and the mantra of security is that sound authentication must come first. This approach offers a way out of that impasse. But it is not clear that this is the case. I think that to get the benefits of this idea the I-D should have a non-normative section showing how it can be applied to some well understood application, using a well-understood lower secure layer (ie TLS or SSH, not IPsec) showing the outline protocol flow and infrastructure dependencies. Otherwise those who would benefit from it - isms, netconf, syslog, ... ? - will not understand what they might do. I appreciate that something of this ilk has been around for a while (eg as when Ira McDonald pointed the isms list at draft-puthenkulam-eap-binding-04.txt) but I think that it got no traction because of its impenetrability. Tom Petch ----- Original Message ----- From: "The IESG" <iesg-secretary@xxxxxxxx> To: "IETF-Announce" <ietf-announce@xxxxxxxx> Sent: Wednesday, March 14, 2007 4:44 PM Subject: Last Call: draft-williams-on-channel-binding (On the Use of Channel Bindings to Secure Channels) to Proposed Standard > The IESG has received a request from an individual submitter to consider > the following document: > > - 'On the Use of Channel Bindings to Secure Channels ' > <draft-williams-on-channel-binding-01.txt> as a Proposed Standard > > The introduction of this draft implies that the facility being > discussed applies only to GSS-API. That is not the case and the rest > of the draft is clear on this point; this draft proposes to generalize > and clarify a facility that exists today in GSS-API both for GSS-API > use and for other authentication frameworks. > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to the > ietf@xxxxxxxx mailing lists by 2007-04-11. Exceptionally, > comments may be sent to iesg@xxxxxxxx instead. In either case, please > retain the beginning of the Subject line to allow automated sorting. > > The file can be obtained via > http://www.ietf.org/internet-drafts/draft-williams-on-channel-binding-01.txt > > > IESG discussion can be tracked via > https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=15078&rf c_flag=0 > > > _______________________________________________ > IETF-Announce mailing list > IETF-Announce@xxxxxxxx > https://www1.ietf.org/mailman/listinfo/ietf-announce _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf