Hi Joe,
On Wed, January 30, 2008 1:40 pm, Joseph Salowey (jsalowey) wrote:
> Hi Dan,
>
> The EMU group was chartered to work on a password based method to work
> with existing password databases. During the last year we have had
> discussions in meetings and on the list to reach working group consensus
> on the way to meet this task. The consensus is to use a tunnel method
> to meet this task and is the reason why we are adding this to the
> charter. Removing the sentence that indicates use of a tunnel method
> from the charter would be counter to the consensus we have reached.
I don't believe that would be the case. The changes to the charter that
are being proposed say:
"- A mechanism to support extensible communication within a TLS protected
tunnel that meets RFC 3748 and RFC 4017 requirements. This mechanism
must support channel bindings in order to meet RFC 4962 requirements.
This mechanism will support meeting the requirements of an enhanced TLS
mechanism, a password based authentication mechanism, and
additional inner authentication mechanisms."
Which is all well and good. It will support a password-based authentication
mechanism. Great! I'm on board! But I'm not talking about that change and I
don't really have a problem with with it.
The change I'm talking about is adding the following sentence to the
_existing_ item dealing with a stand-alone password method:
"This item will be based on the above tunnel method."
> EMU was chartered with a constrained set of goals, which is why we must
> re-charter to add a tunnel method. Adding a new item requires gaining
> consensus within the working group and approval from the IESG. The
> first step in this process would be to have a proposal.
Yes, yes. I understand why the charter is being updated: to add that
stuff above about "A mechanism to support extensible communication within
a TLS protected tunnel...." That's great.
But I'm not talking about "adding a new item" I'm talking about
_removing_ an existing item. The current charter, not the update that you
asked for consensus on, says:
"- A mechanism meeting RFC 3748 and RFC 4017 requirements that makes use
of existing password databases such as AAA databases. The
implementation should strive to be usable in resource constrained
environments."
All I want is to leave that alone. Please, add the new item about the
tunnel method. I'm behind you 100% on that. But hat is a completely
separate issue.
Yes, we have consensus to ADD a tunneled method. Great. No dispute. But
I don't see how that translates into consensus to REMOVE another item from
the charter. Especially something that obviously has so much value that
the group agreed to put it in its charter in the first place!
regards,
Dan.
_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
