Hi Roman and Mohamed,
You both have comments on the text RECOMMENDing DPP for Wi-Fi and TLS-POK for
wired networks. The text in question is this:
This document does not address the problem of Wi-Fi network discovery,
where a bootstrapping device detects multiple different Wi-Fi networks
and needs a more robust and scalable mechanism than simple round-robin
to determine the correct network to attach to. DPP addresses this issue.
Thus, the intention is that DPP is the RECOMMENDED mechanism for
bootstrapping against Wi-Fi networks, and TLS-POK is the RECOMMENDED
mechanism for bootstrapping against wired networks.
Now, Roman's comment concerns making a normative statement about an informative
reference. Mohamed's is that we are making a recommendation about DPP but also
that our I-D is not the place to "self-promote". So setting aside the
self-promotion, would this resolve both of your concerns about recommendation
of DPP?
This document does not address the problem of Wi-Fi network discovery,
where a bootstrapping device detects multiple different Wi-Fi networks
and needs a more robust and scalable mechanism than simple round-robin
to determine the correct network to attach to. DPP addresses this issue.
But DPP's discovery will not work on a wired 802.1X ethernet port while
TLS-POK will. Therefore, TLS-POK is NOT RECOMMENDED for bootstrapping
against Wi-Fi networks but is RECOMMENDED for wired networks.
Please let us know if this works.
Regarding self-promotion: well, we have identified a problem and are proposing
a solution. Of course we are promoting this as the solution since there is no
other one. I don't know how to respond to this comment except that, yes, an I-D
describing a solution to a problem is the place to promote the solution. So,
respectfully, we would like to reject your comment and, if the above change is
satisfactory to the other part of your comment, ask you to clear your DISCUSS.
regards,
Dan.
--
"the object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." – Marcus Aurelius
On 9/2/25, 5:49 PM, "Roman Danyliw via Datatracker" <[email protected]> wrote:
Roman Danyliw has entered the following ballot position for
draft-ietf-emu-bootstrapped-tls-08: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-emu-bootstrapped-tls/
----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------
** Section 1.
Thus, the intention is that DPP is the
RECOMMENDED mechanism for bootstrapping against Wi-Fi networks, and
TLS-POK is the RECOMMENDED mechanism for bootstrapping against wired
networks.
-- Normative language is being used for [DPP], making it a normative reference
-- Why is the EMU WG specifying normative requirement “against Wi-Fi networks”
for a standard not specified by the IETF?
-- Since normative behavior is being specified for DPP, what are DPP’s security
considerations?
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
** Section 2.
In this model,
physical possession of the device implies legitimate ownership.
What does “legitimate ownership” mean in this context? Isn’t it just “physical
control of the system”?