I object to this document being published as a Proposed Standard. When this document was discussed in the EMU meeting at IETF-71 there was much concern raised with respect to existing IPR in the area of secure password methods used by this draft. Additionally, soon after its initial publication and announcement on the CFRG list, flaws were found with the draft. The authors were very responsive in addressing the issues, but this points out that the algorithms used in this draft have had less review than other secure password mechanisms developed over the years. Another approach to a secure password only EAP method, EAP-EKE, has been proposed in draft-sheffer-emu-eap-eke-02. This method is based on EKE, which is already in use, has a long history of review, and has much better understood IPR considerations. Given that there is an alternative to consider I do not support publishing EAP-PWD in the standards track. Joe > -----Original Message----- > From: ietf-bounces@xxxxxxxx [mailto:ietf-bounces@xxxxxxxx] On > Behalf Of Glen Zorn > Sent: Tuesday, July 21, 2009 7:01 AM > To: iesg-secretary@xxxxxxxx > Cc: iesg-secretary@xxxxxxxx; ietf@xxxxxxxx > Subject: RE: Last Call: draft-harkins-emu-eap-pwd (EAP > Authentication UsingOnly A Password) to Informational RFC > > It's come to my attention that there is an error in the above > referenced announcement > (http://www.ietf.org/ibin/c5i?mid=6&rid=49&gid=0&k1=934&k2=675 > 9&tid=12481845 > 60). The announcement says "The IESG has received a request > from an individual submitter to consider the following > document: - 'EAP Authentication Using Only A Password ' as an > Informational RFC" but this statement is false: the IESG > received a request to publish the draft as a Proposed > Standard. The intended status is clearly indicated in the > first page header (reproduced below). Please correct this > error and issue the corrected announcement as soon as > possible. Thank you. > > Network Working Group > D. Harkins > Internet-Draft > Aruba Networks > Intended status: Standards Track > G. Zorn > Expires: December 31, 2009 > NetCube > > June 29, 2009 > > > EAP Authentication Using Only A Password > draft-harkins-emu-eap-pwd-04 > > > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www.ietf.org/mailman/listinfo/ietf > _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf