I see it a bit differently since I was at many EAP meetings where EAP
method authors wanted to work on standards track EAP methods.
Ciao
Hannes
Bernard Aboba wrote:
Part of the problem with EAP methods is that people should have
started to standardize them within the IETF several years ago.
: Tuesday, April 03, 2007 8:16 AM
To: Bernard Aboba; emu@ietf.org
Subject: RE: [Emu] Thoughts on Password-based EAP Methods
Some of the things that need to be fixed are fairly fundamental. For
example crypto-binding and avoiding multiple layers of negotiation are
fairly fundamental. At this point
Jouni Malinen wrote:
I'm aware of at least one, though maybe partial, implementation of
TTLSv1. Anyway, I don't think it has been deployed anywhere.
I talked to Paul Funk about this. He hasn't implemented EAP-TTLSv1,
is not planning to do so, and is not aware of any implementations
or
Also, Pascal asked about a patent application. I asked Paul about
that and he said it isn't about EAP-TTLS.
Searching the IETF IPR page, I found the following disclosure, which relates
to TLS-IA, and therefore is only relevant to EAP-TTLSv1:
, April 02, 2007 3:48 PM
To: Joseph Salowey (jsalowey); Bernard Aboba; emu@ietf.org
Subject: RE: [Emu] Thoughts on Password-based EAP Methods
I believe there were many issues with how PEAP progressed, if
we are careful we could prevent the same things from
happening with TTLS.
Ryan
Bernard:
I am not sure reusing one of the existing EAP methods is the right
approach. All three EAP method mentioned, EAP-TTLS/PEAP/EAP-FAST all has
something that are outside the scope of the charter, which means we have
to take some of them out. Not unitl we change the charter, then we can
pick