Mahesh Jethanandani has entered the following ballot position for charter-ietf-emu-07-00: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/charter-ietf-emu/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- "EDHOC", paragraph 8 > In summary, the working group shall produce the following documents: > > * Documents for the maintenance and update of existing EAP protocols > > * Define mechanisms by which EAP methods can support creation of long-term > credentials for the peer based on initial limited-use credentials. > > * Develop an EAP method for use in constrained environments that wish to > leverage the EDHOC key exchange mechanism. > > * Devise a passwordless EAP method that can incorporate use of CTAP2 or other > similar authentication mechanism. > > * An EAP method that provides privacy by preventing a visited network or > service from knowing the identity of a user, and for keeping the identity > provider for that user from tracking what networks or services a specific user > is accessing. I support Eric's BLOCK on indicating the intended status of the above list of documents. ------------------------------------------------------------------------------- NIT ------------------------------------------------------------------------------- All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. Section 3GPP, paragraph 0 > At the same time, some new use cases for EAP have been identified. EAP is now > more broadly in mobile network authentication. The group will update existing > EAP methods such as EAP-AKA' to stay in sync with updates to the referenced > 3GPP specifications. RFC 7258 notes that pervasive monitoring is an attack. > Perfect Forward Secrecy (PFS) is an important security property for modern > protocols to thwart pervasive monitoring. The group will therefore work on an > extension to EAP-AKA' for providing PFS. Seem to be missing a word in the sentence "more broadly in mobile network ...". Also, is there a reference for EAP-AKA'? _______________________________________________ Emu mailing list -- [email protected] To unsubscribe send an email to [email protected]
