I would like to comment on the process aspect of this IETF last call.  A 
subsequent post will provide comments on the protocol. 

 

Overall, I believe that the appropriate process for handling this document is 
not to bring it to IETF last call as an individual submission, but rather to 
charter a work item within an IETF WG.  

 

There are two current EAP method drafts that are based on zero-knowledge 
algorithms:

1. http://tools.ietf.org/html/draft-harkins-emu-eap-pwd (this document)

2. http://tools.ietf.org/html/draft-sheffer-emu-eap-eke

 

Previously there was also an EAP method submission utilizing SRP:

3. http://tools.ietf.org/html/draft-ietf-pppext-eap-srp-03

 

All three of these documents were slated for inclusion on the IETF standards 
track. 

 

Given the number of EAP method RFCs that have already been published, I do not 
believe that it serves the Internet community for the IETF to publish multiple 
EAP method specifications of a similar genre on the Standards Track, while 
bypassing the WG process.  

 

If the standardization of zero-knowledge algorithms is an important area of 
work for the IETF (and I believe this to be true), then work in this area 
should be chartered as a working group work item, with the goal to select a 
single method for standardization.  Prior to the EMU WG re-charter, Dan Harkins 
made an argument for chartering of work in this area.  His arguments were sound 
then, and they are (even more) sound today.  However, Dan did not succeed in 
getting the work added to the EMU WG charter.  It is time for the IESG to 
re-consider its decision to delay standardization of zero knowledge algorithms, 
which was made in the earlier part of the decade.  If the EMU WG is not 
suitable for handling this work, then another security area WG should be 
created for the purpose.  

 

 

 

 

 
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Reply via email to