Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.txt> (PT-EAP: Posture Transport (PT) Protocol For EAP Tunnel Methods) to Proposed Standard
SM <sm@resistor.net> Wed, 09 January 2013 07:31 UTC
Return-Path: <sm@resistor.net>
X-Original-To: nea@ietfa.amsl.com
Delivered-To: nea@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5988921F86F6; Tue, 8 Jan 2013 23:31:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.574
X-Spam-Level:
X-Spam-Status: No, score=-102.574 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qEcz1Yg5bcXS; Tue, 8 Jan 2013 23:31:19 -0800 (PST)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 81AD621F878F; Tue, 8 Jan 2013 23:31:18 -0800 (PST)
Received: from SUBMAN.resistor.net (IDENT:sm@localhost [127.0.0.1]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id r097VCPu007191; Tue, 8 Jan 2013 23:31:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1357716678; bh=G7d/Yxa+9TLn8tyYk07NNZajk1dfZUFm1cTgpKzYAwI=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=GeAtWcw3RfRfTcHU6GBRRYVLP/dS3NTqcsm+o35nBnzSiPDIbpnqzILQqvECFfeoy kxDQiMxbt+STQK/P8EVAvJt5zt77Lh0Z4VLRD9QHveLSv8qduWCiZmuH4kM/hy3LUN coqK+CeNwHP7qSzuTYzzQ27Naddgc2h6lipEzPgE=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1357716678; i=@resistor.net; bh=G7d/Yxa+9TLn8tyYk07NNZajk1dfZUFm1cTgpKzYAwI=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=HqNDDH8qShpT8Xh1Pg2mLyucCHjG+vjAXaMJitsVJOGndeu+hw5KoG1JlJFe2pwMQ dFK2au3DyC8BqVaij0g4Wwq+AiY+DAMibgbayPmniEatJpBlTsGEXGuv5GUrc4WAuc uTF9CccIV6YBvcNFdCD4LbrZwQyftuDfK7+2i1cg=
Message-Id: <6.2.5.6.2.20130108225436.0b31f008@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Tue, 08 Jan 2013 23:25:24 -0800
To: ietf@ietf.org
From: SM <sm@resistor.net>
In-Reply-To: <20130102144303.25143.30944.idtracker@ietfa.amsl.com>
References: <20130102144303.25143.30944.idtracker@ietfa.amsl.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Mailman-Approved-At: Wed, 09 Jan 2013 03:20:51 -0800
Cc: nea@ietf.org
Subject: Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.txt> (PT-EAP: Posture Transport (PT) Protocol For EAP Tunnel Methods) to Proposed Standard
X-BeenThere: nea@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nea>
List-Post: <mailto:nea@ietf.org>
List-Help: <mailto:nea-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jan 2013 07:31:20 -0000
At 06:43 02-01-2013, The IESG wrote: >The IESG has received a request from the Network Endpoint Assessment WG >(nea) to consider the following document: >- 'PT-EAP: Posture Transport (PT) Protocol For EAP Tunnel Methods' > <draft-ietf-nea-pt-eap-06.txt> as Proposed Standard > >The IESG plans to make a decision in the next few weeks, and solicits >final comments on this action. Please send substantive comments to the >ietf@ietf.org mailing lists by 2013-01-16. Exceptionally, comments may be This is a quick comment. In Section 1: "The PT-EAP protocol MUST be protected by an outer TLS-based EAP tunnel method to ensure the exchanged messages are protected from a variety of threats from hostile intermediaries." The RFC 2119 boilerplate is after that "MUST". In Section 1.1: "This document does not define an architecture or reference model. Instead, it defines a protocol that works within the reference model described in the NEA Requirements specification [RFC5209]." The reference is informative. In Section 6: "PT-EAP does not directly utilize or require direct knowledge of any personally identifiable information (PII). PT-EAP will typically be used in conjunction with other EAP methods that provide for the user authentication (if bi-directional authentication is used), so the user's credentials are not directly seen by the PT-EAP inner method." Section 9 RFC 5209 mentions that: "However, in situations where the endpoint is owned by the user or where local laws protect the rights of the user even when using endpoints owned by another party, it is critical that the NEA implementation enable the user to control what endpoint information is shared with the network." I didn't find any information in the draft to assess the privacy implications. Are there any such implications? Regards, -sm
- [Nea] Last Call: <draft-ietf-nea-pt-eap-06.txt> (… The IESG
- Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.tx… SM
- Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.tx… Nancy Cam-Winget (ncamwing)
- Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.tx… Stephen Hanna
- Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.tx… Stephen Hanna
- Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.tx… Stephen Farrell
- Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.tx… Stephen Hanna
- Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.tx… Stephen Farrell
- Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.tx… SM
- Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.tx… SM
- Re: [Nea] Last Call: <draft-ietf-nea-pt-eap-06.tx… SM