
RE: Last Call: draft-harkins-emu-eap-pwd (EAP Authentication Using Only A Password) to Proposed Standard

2009-07-23 00:07:14
Bernard Aboba [mailto://Bernard(_dot_)Aboba(_at_)hotmail(_dot_)com] writes:

I would like to comment on the process aspect of this IETF last call.  A
subsequent post will provide comments on the protocol. 
 
Overall, I believe that the appropriate process for handling this document
is not to bring it to IETF last call as an individual submission, but rather
to charter a work item within an IETF WG.  
 
There are two current EAP method drafts that are based on zero-knowledge
algorithms:
1. http://tools.ietf.org/html/draft-harkins-emu-eap-pwd (this document)
2. http://tools.ietf.org/html/draft-sheffer-emu-eap-eke
 
Previously there was also an EAP method submission utilizing SRP:
3. http://tools.ietf.org/html/draft-ietf-pppext-eap-srp-03
 
All three of these documents were slated for inclusion on the IETF standards
track. 
 
Given the number of EAP method RFCs that have already been published, I do
not believe that it serves the Internet community for the IETF to publish
multiple EAP method specifications of a similar genre on the Standards
Track, while bypassing the WG process.  
 
If the standardization of zero-knowledge algorithms is an important area of
work for the IETF (and I believe this to be true), then work in this area
should be chartered as a working group work item, with the goal to select a
single method for standardization.  Prior to the EMU WG re-charter, Dan
Harkins made an argument for chartering of work in this area.  His arguments
were sound then, and they are (even more) sound today.  However, Dan did not
succeed in getting the work added to the EMU WG charter.  It is time for the
IESG to re-consider its decision to delay standardization of zero-knowledge
algorithms, which was made in the earlier part of the decade.  If the EMU WG
is not suitable for handling this work, then another security area WG should
be created for the purpose.  

I think that this is a splendid idea.  Of course it's too late to schedule a
BoF in Stockholm; it would have to wait until Hiroshima.  If such an
activity were to be organized, might you be interested in reviving the SRP
work?

~ gwz

Half a loaf is better than no loafing at all.
  --T-Bone Slim

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf