Joseph Salowey (jsalowey) [mailto:jsalowey(_at_)cisco(_dot_)com] writes:
I object to this document being published as a Proposed Standard. When
this document was discussed in the EMU meeting at IETF-71 there was
much
concern raised with respect to existing IPR in the area of secure
password methods used by this draft. Additionally, soon after its
initial publication and announcement on the CFRG list, flaws were found
with the draft. The authors were very responsive in addressing the
issues, but this points out that the algorithms used in this draft have
had less review than other secure password mechanisms developed over
the
years. Another approach to a secure password only EAP method, EAP-EKE,
has been proposed in draft-sheffer-emu-eap-eke-02. This method is
based
on EKE, which is already in use, has a long history of review, and has
much better understood IPR considerations. Given that there is an
alternative to consider I do not support publishing EAP-PWD in the
standards track.
IMHO, this question is orthogonal (& largely immaterial) to the one at hand.
It's one thing for the IETF to reach consensus that the draft be
Informational; it is a completely different thing for the publication path
to be changed without either notification of (other than the Last Call
announcement itself) or consultation with the authors. If this was _not_ a
simple error, then the action was arbitrary & capricious, not to mentioned
underhanded & must certainly be considered as grounds for dismissal of the
(as yet unnamed) person or persons responsible, unless the IETF has recently
converted to an authoritarian regime. As an aside, it seems that
draft-green-secsh-ecc has suffered the same fate, suggesting that this is
neither an error nor an isolated occurrence.
...
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf