RE: Last Call: draft-harkins-emu-eap-pwd (EAP Authentication UsingOnly A Password) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I also think this should be done in a working group. 

Joe  

> -----Original Message-----
> From: ietf-bounces@xxxxxxxx [mailto:ietf-bounces@xxxxxxxx] On 
> Behalf Of Bernard Aboba
> Sent: Wednesday, July 22, 2009 5:37 PM
> To: ietf@xxxxxxxx
> Subject: Re: Last Call: draft-harkins-emu-eap-pwd (EAP 
> Authentication UsingOnly A Password) to Proposed Standard
> 
> I would like to comment on the process aspect of this IETF 
> last call.  A subsequent post will provide comments on the protocol. 
>  
> Overall, I believe that the appropriate process for handling 
> this document is not to bring it to IETF last call as an 
> individual submission, but rather to charter a work item 
> within an IETF WG.  
>  
> There are two current EAP method drafts that are based on 
> zero-knowledge algorithms:
> 1. http://tools.ietf.org/html/draft-harkins-emu-eap-pwd (this 
> document)
> 2. http://tools.ietf.org/html/draft-sheffer-emu-eap-eke
>  
> Previously there was also an EAP method submission utilizing SRP:
> 3. http://tools.ietf.org/html/draft-ietf-pppext-eap-srp-03
>  
> All three of these documents were slated for inclusion on the 
> IETF standards track. 
>  
> Given the number of EAP method RFCs that have already been 
> published, I do not believe that it serves the Internet 
> community for the IETF to publish multiple EAP method 
> specifications of a similar genre on the Standards Track, 
> while bypassing the WG process.  
>  
> If the standardization of zero-knowledge algorithms is an 
> important area of work for the IETF (and I believe this to be 
> true), then work in this area should be chartered as a 
> working group work item, with the goal to select a single 
> method for standardization.  Prior to the EMU WG re-charter, 
> Dan Harkins made an argument for chartering of work in this 
> area.  His arguments were sound then, and they are (even 
> more) sound today.  However, Dan did not succeed in getting 
> the work added to the EMU WG charter.  It is time for the 
> IESG to re-consider its decision to delay standardization of 
> zero knowledge algorithms, which was made in the earlier part 
> of the decade.  If the EMU WG is not suitable for handling 
> this work, then another security area WG should be created 
> for the purpose.  
>  
>  
>  
>  
>  
> 
> 
_______________________________________________

Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]