Sorry, I should've asked this before but I'm sometimes dumb:-) If I put in an RFC editor note adding a normative reference to the new EAP applicability statement [1] would that sort this out and not cause any problems for anyone? S. [1] http://tools.ietf.org/html/draft-winter-abfab-eapapplicability On 06/26/2012 08:14 PM, Sam Hartman wrote: > > EAP (RFC 3748) has a applicability statement scoped very strictly to > network access. > This document provides a mechanism that falls well outside that > applicability statement and permits the use of EAP for general > application authentication. > > When ABFAB was chartered, there was a charter item to update the EAP > applicability statement. I think A number of people in the room at the > BOF, including myself, would have objected to the work being chartered > had that charter item not been present. > > I think that work is important because I believe there are a number of > important concerns that apply to the use of EAP for authentication > beyond network access that need to be documented. > > Unfortunately, the technical specification has gotten ahead of the > applicability statement update. > I'm OK with that provided that we're still firmly committed to an > applicability statement update. As part of approving this document now, > I want to confirm that we have consensus at least within the ABFAB > working group and the IESG to do that update. > If there is any doubt I'd far prefer that this document be held until > the applicability statement catches up. > > --Sam >