Thanks for the review On Tue, Jun 3, 2025 at 11:29 AM Mahesh Jethanandani via Datatracker < nore...@ietf.org> wrote:
> Mahesh Jethanandani has entered the following ballot position for > charter-ietf-emu-07-00: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/charter-ietf-emu/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > "EDHOC", paragraph 8 > > In summary, the working group shall produce the following documents: > > > > * Documents for the maintenance and update of existing EAP protocols > > > > * Define mechanisms by which EAP methods can support creation of > long-term > > credentials for the peer based on initial limited-use credentials. > > > > * Develop an EAP method for use in constrained environments that wish to > > leverage the EDHOC key exchange mechanism. > > > > * Devise a passwordless EAP method that can incorporate use of CTAP2 or > other > > similar authentication mechanism. > > > > * An EAP method that provides privacy by preventing a visited network or > > service from knowing the identity of a user, and for keeping the identity > > provider for that user from tracking what networks or services a > specific user > > is accessing. > > I support Eric's BLOCK on indicating the intended status of the above list > of > documents. > > [Joe] These document should be listed as standards track > > ------------------------------------------------------------------------------- > NIT > > ------------------------------------------------------------------------------- > > All comments below are about very minor potential issues that you may > choose to > address in some way - or ignore - as you see fit. Some were flagged by > automated tools (via https://github.com/larseggert/ietf-reviewtool), so > there > will likely be some false positives. There is no need to let me know what > you > did with these suggestions. > > Section 3GPP, paragraph 0 > > At the same time, some new use cases for EAP have been identified. EAP > is now > > more broadly in mobile network authentication. The group will update > existing > > EAP methods such as EAP-AKA' to stay in sync with updates to the > referenced > > 3GPP specifications. RFC 7258 notes that pervasive monitoring is an > attack. > > Perfect Forward Secrecy (PFS) is an important security property for > modern > > protocols to thwart pervasive monitoring. The group will therefore work > on an > > extension to EAP-AKA' for providing PFS. > > Seem to be missing a word in the sentence "more broadly in mobile network > ...". > Also, is there a reference for EAP-AKA'? > > Yes it should be "EAP is now used more broadly". We can include a reference to RFC9048
_______________________________________________ Emu mailing list -- emu@ietf.org To unsubscribe send an email to emu-le...@ietf.org
