Hi all, During IESG processing of draft-ietf-abfab-gss-eap we agreed to add a reference to the EAP applicability statement so that when gss-eap becomes an RFC, its clear that we're ok. (The gss-eap draft was approved btw, but we need to get that escaping thing and a few nits sorted before you'll see the announcement.)
I asked the IESG if adding that reference and having abfab process the EAP applicability statement was ok and folks were ok with that. I also got the comment below from Bernard Aboba. That looks like it'd be useful to consider as you process the EAP applicability statement which is on your agenda for Vancouver. It doesn't seem to me like this'd raise any nasty problems for abfab, but then what do I know:-) Cheers, S. "There is another issue here, which is the guidance in RFC 4962, in particularly the requirement for a mandatory-to-implement mechanism. In enterprise WLAN network access, where enterprise users are typically provided with access software by their employers -- there is almost always a secure method satisfying the RFC 4017 requirements that is required for access to a given enterprise. Similarly, carrier networks that have deployed EAP (e.g. WiMAX) have also specified a mandatory-to-implement method (e.g., EAP-TLS). However, in other deployment scenarios, such as consumer uses where no AAA server is present and there are typically no EAP methods supported on the device, there is no mechanism for meeting the RFC 4962 requirements. In those scenarios, EAP is not a good fit. The changes to the EAP applicability statement do not obsolve authors advocating new uses of EAP from demonstrating adherence to the RFC 4962 requirements." _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
