ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Last Call: draft-harkins-emu-eap-pwd (EAP Authentication UsingOnly A Password) to Informational RFC

2009-07-21 18:19:49
from [Joseph Salowey (jsalowey)] [Permanent Link] 
I object to this document being published as a Proposed Standard.  When
this document was discussed in the EMU meeting at IETF-71 there was much
concern raised with respect to existing IPR in the area of secure
password methods used by this draft.  Additionally, soon after its
initial publication and announcement on the CFRG list, flaws were found
with the draft.  The authors were very responsive in addressing the
issues, but this points out that the algorithms used in this draft have
had less review than other secure password mechanisms developed over the
years.  Another approach to a secure password only EAP method, EAP-EKE,
has been proposed in draft-sheffer-emu-eap-eke-02.  This method is based
on EKE, which is already in use, has a long history of review, and has
much better understood IPR considerations.  Given that there is an
alternative to consider I do not support publishing EAP-PWD in the
standards track. 

Joe


-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org 
[mailto:ietf-bounces(_at_)ietf(_dot_)org] On 
Behalf Of Glen Zorn
Sent: Tuesday, July 21, 2009 7:01 AM
To: iesg-secretary(_at_)ietf(_dot_)org
Cc: iesg-secretary(_at_)ietf(_dot_)org; ietf(_at_)ietf(_dot_)org
Subject: RE: Last Call: draft-harkins-emu-eap-pwd (EAP 
Authentication UsingOnly A Password) to Informational RFC 

It's come to my attention that there is an error in the above 
referenced announcement
(http://www.ietf.org/ibin/c5i?mid=6&rid=49&gid=0&k1=934&k2=675
9&tid=12481845
60).  The announcement says "The IESG has received a request 
from an individual submitter to consider the following 
document: - 'EAP Authentication Using Only A Password ' as an 
Informational RFC" but this statement is false: the IESG 
received a request to publish the draft as a Proposed 
Standard.  The intended status is clearly indicated in the 
first page header (reproduced below).  Please correct this 
error and issue the corrected announcement as soon as 
possible.  Thank you.

Network Working Group                                         
D. Harkins
Internet-Draft                                            
Aruba Networks
Intended status: Standards Track                              
   G. Zorn
Expires: December 31, 2009                                    
   NetCube
                                                           
June 29, 2009


                EAP Authentication Using Only A Password
                      draft-harkins-emu-eap-pwd-04



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Last Call: draft-ietf-mpls-tp-requirements (MPLS-TP Requirements)toProposed Standard, Adrian Farrel
Next by Date:  RE: Last Call: draft-harkins-emu-eap-pwd (EAP Authentication UsingOnly A Password) to Informational RFC, Dan Harkins
Previous by Thread:  RE: Last Call: draft-harkins-emu-eap-pwd (EAP Authentication Using Only A Password) to Informational RFC, Glen Zorn
Next by Thread:  RE: Last Call: draft-harkins-emu-eap-pwd (EAP Authentication UsingOnly A Password) to Informational RFC, Dan Harkins
Indexes:  [Date] [Thread] [Top] [All Lists]