ietf
[Top] [All Lists]

Re: Last Call: <draft-ietf-nea-pt-eap-06.txt> (PT-EAP: Posture Transport (PT) Protocol For EAP Tunnel Methods) to Proposed Standard

2013-01-14 15:42:35
Hi Nancy,
At 12:29 14-01-2013, Nancy Cam-Winget (ncamwing) wrote:
[NCW] I can change it to a lower case "must", ok?

That's ok.

[NCW] We can move the reference to be normative.

Ok.

[NCW] I don't think there are specifically for PT-EAP.  The sections you
reference
Were to (in section 6) addressing the general EAP identity as PT-EAP is
really not
An "authentication" method.

If I understood the above correctly PT-EAP does not transport any information which could be used to identify an individual. That's different from PT-EAP not being an "authenticated" method. Therefore, there isn't much to say in terms of privacy considerations.

I suggest not including the following then:

  "As a transport protocol, PT-EAP does not directly utilize or
   require direct knowledge of any personally identifiable
   information (PII)."

The draft can leverage the second paragraph of Section 6 as "privacy considerations" instead of making a statement about PII. I'll copy this message to ietf-privacy@ to get a better opinion.

In Section 6:

  "Therefore, it is important for deployers to leverage these
   protections in order to prevent disclosure of PII potentially
   contained within PA-TNC or PB-TNC within the PT-EAP payload."

I suggest "information about an individual" instead of PII [1].

Regards,
-sm

1. I used the wording from draft-iab-privacy-considerations-06