Steve Hanna said:
"However, I agree that it would be better to get IESG clarification that carrying authorization data in EAP is permissible. As Alan suggested, the first step is probably to have a WG consensus check to verify that we have rough consensus that this should be permitted. After that, maybe we would ask the IESG for a clarification of the applicability statement for EAP. I will note that the IESG has already approved a change to the EMU charter to add a work item for channel bindings. So they have already indicated their support for that effort." Do we really need "IESG clarification" or a "consensus check" to verify that IESG approval of a work item for channel bindings should be interpreted as approval to actually work on channel bindings??? Given that Channel Bindings is discussed in both RFC 3748 and 5247, I think we can say definitively that regardless of whether Channel Bindings are actually useful (personally, I have doubts) that they are within the the scope of applicability of RFC 3748. However, since those documents make it clear that Channel Bindings were not intended as a generic authorization exchange (despite the confusion on that point within the Channel Bindings document). Therefore IESG approval of a Channel Bindings work item should not be construed as a license to change the definition of Channel Bindings to satisfy another distinct need. Doing so would require updating of RFC 3748 and 5247, which is not within the EMU WG charter.
_______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
