ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Last Call: draft-harkins-emu-eap-pwd (EAP Authentication UsingOnly A Password) to Proposed Standard

2009-07-24 13:57:36
from [Joseph Salowey (jsalowey)] [Permanent Link] 
I also think this should be done in a working group. 

Joe  


-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org 
[mailto:ietf-bounces(_at_)ietf(_dot_)org] On 
Behalf Of Bernard Aboba
Sent: Wednesday, July 22, 2009 5:37 PM
To: ietf(_at_)ietf(_dot_)org
Subject: Re: Last Call: draft-harkins-emu-eap-pwd (EAP 
Authentication UsingOnly A Password) to Proposed Standard

I would like to comment on the process aspect of this IETF 
last call.  A subsequent post will provide comments on the protocol. 
 
Overall, I believe that the appropriate process for handling 
this document is not to bring it to IETF last call as an 
individual submission, but rather to charter a work item 
within an IETF WG.  
 
There are two current EAP method drafts that are based on 
zero-knowledge algorithms:
1. http://tools.ietf.org/html/draft-harkins-emu-eap-pwd (this 
document)
2. http://tools.ietf.org/html/draft-sheffer-emu-eap-eke
 
Previously there was also an EAP method submission utilizing SRP:
3. http://tools.ietf.org/html/draft-ietf-pppext-eap-srp-03
 
All three of these documents were slated for inclusion on the 
IETF standards track. 
 
Given the number of EAP method RFCs that have already been 
published, I do not believe that it serves the Internet 
community for the IETF to publish multiple EAP method 
specifications of a similar genre on the Standards Track, 
while bypassing the WG process.  
 
If the standardization of zero-knowledge algorithms is an 
important area of work for the IETF (and I believe this to be 
true), then work in this area should be chartered as a 
working group work item, with the goal to select a single 
method for standardization.  Prior to the EMU WG re-charter, 
Dan Harkins made an argument for chartering of work in this 
area.  His arguments were sound then, and they are (even 
more) sound today.  However, Dan did not succeed in getting 
the work added to the EMU WG charter.  It is time for the 
IESG to re-consider its decision to delay standardization of 
zero knowledge algorithms, which was made in the earlier part 
of the decade.  If the EMU WG is not suitable for handling 
this work, then another security area WG should be created 
for the purpose.  
 
 
 
 
 



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: BCP 47 reference (was Re: Last Call: draft-nottingham-http-link-header from digest), Phillips, Addison
Next by Date:  Gen-ART Review of draft-ietf-speermint-voip-consolidated-usecases-13, Spencer Dawkins
Previous by Thread:  RE: Last Call: draft-harkins-emu-eap-pwd (EAP Authentication Using Only A Password) to Proposed Standard, Glen Zorn
Next by Thread:  RE: Last Call: draft-harkins-emu-eap-pwd (EAP Authentication UsingOnly A Password) to Proposed Standard, Tschofenig, Hannes (NSN - FI/Espoo)
Indexes:  [Date] [Thread] [Top] [All Lists]