I object to this document being published as a Proposed Standard. When
this document was discussed in the EMU meeting at IETF-71 there was much
concern raised with respect to existing IPR in the area of secure
password methods used by this draft. Additionally, soon after its
initial publication and announcement on the CFRG list, flaws were found
with the draft. The authors were very responsive in addressing the
issues, but this points out that the algorithms used in this draft have
had less review than other secure password mechanisms developed over the
years. Another approach to a secure password only EAP method, EAP-EKE,
has been proposed in draft-sheffer-emu-eap-eke-02. This method is based
on EKE, which is already in use, has a long history of review, and has
much better understood IPR considerations. Given that there is an
alternative to consider I do not support publishing EAP-PWD in the
standards track.
Joe
-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org
[mailto:ietf-bounces(_at_)ietf(_dot_)org] On
Behalf Of Glen Zorn
Sent: Tuesday, July 21, 2009 7:01 AM
To: iesg-secretary(_at_)ietf(_dot_)org
Cc: iesg-secretary(_at_)ietf(_dot_)org; ietf(_at_)ietf(_dot_)org
Subject: RE: Last Call: draft-harkins-emu-eap-pwd (EAP
Authentication UsingOnly A Password) to Informational RFC
It's come to my attention that there is an error in the above
referenced announcement
(http://www.ietf.org/ibin/c5i?mid=6&rid=49&gid=0&k1=934&k2=675
9&tid=12481845
60). The announcement says "The IESG has received a request
from an individual submitter to consider the following
document: - 'EAP Authentication Using Only A Password ' as an
Informational RFC" but this statement is false: the IESG
received a request to publish the draft as a Proposed
Standard. The intended status is clearly indicated in the
first page header (reproduced below). Please correct this
error and issue the corrected announcement as soon as
possible. Thank you.
Network Working Group
D. Harkins
Internet-Draft
Aruba Networks
Intended status: Standards Track
G. Zorn
Expires: December 31, 2009
NetCube
June 29, 2009
EAP Authentication Using Only A Password
draft-harkins-emu-eap-pwd-04
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf