AW: [SECMECH] Desire to standardize some specific EAP mechanisms

"Tschofenig, Hannes" <hannes.tschofenig@siemens.com> Fri, 15 July 2005 07:32 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DtKgd-00064T-7N; Fri, 15 Jul 2005 03:32:43 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DtKgb-00064L-53 for secmech@megatron.ietf.org; Fri, 15 Jul 2005 03:32:41 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA10369 for <secmech@ietf.org>; Fri, 15 Jul 2005 03:32:39 -0400 (EDT)
Received: from lizzard.sbs.de ([194.138.37.39]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1DtL9M-00046o-Un for secmech@ietf.org; Fri, 15 Jul 2005 04:02:25 -0400
Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by lizzard.sbs.de (8.12.6/8.12.6) with ESMTP id j6F7WQrj024941; Fri, 15 Jul 2005 09:32:27 +0200
Received: from fthw9xpa.ww002.siemens.net (fthw9xpa.ww002.siemens.net [157.163.133.222]) by mail2.sbs.de (8.12.6/8.12.6) with ESMTP id j6F7WQWh011119; Fri, 15 Jul 2005 09:32:26 +0200
Received: from MCHP7IEA.ww002.siemens.net ([139.25.131.146]) by fthw9xpa.ww002.siemens.net with Microsoft SMTPSVC(6.0.3790.0); Fri, 15 Jul 2005 09:35:49 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: AW: [SECMECH] Desire to standardize some specific EAP mechanisms
Date: Fri, 15 Jul 2005 09:32:23 +0200
Message-ID: <ECDC9C7BC7809340842C0E7FCF48C393421E16@MCHP7IEA.ww002.siemens.net>
Thread-Topic: [SECMECH] Desire to standardize some specific EAP mechanisms
Thread-Index: AcWIviSj48xInkznSyCFC+G1ztZ6swAURcvQ
From: "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>
To: "Sam Hartman" <hartmans-ietf@mit.edu>, <secmech@ietf.org>
X-OriginalArrivalTime: 15 Jul 2005 07:35:49.0796 (UTC) FILETIME=[D26F6E40:01C5890F]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 92df29fa99cf13e554b84c8374345c17
Content-Transfer-Encoding: quoted-printable
Cc:
X-BeenThere: secmech@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Security mechanisms BOF <secmech.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/secmech>
List-Post: <mailto:secmech@lists.ietf.org>
List-Help: <mailto:secmech-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/secmech>, <mailto:secmech-request@lists.ietf.org?subject=subscribe>
Sender: secmech-bounces@lists.ietf.org
Errors-To: secmech-bounces@lists.ietf.org

hi sam, 

it seems that you already have some eap methods in mind that you would like to standardize. 
can you tell us more? 

ciao
hannes


> -----Ursprüngliche Nachricht-----
> Von: secmech-bounces@lists.ietf.org 
> [mailto:secmech-bounces@lists.ietf.org] Im Auftrag von Sam Hartman
> Gesendet: Donnerstag, 14. Juli 2005 22:37
> An: secmech@ietf.org
> Betreff: [SECMECH] Desire to standardize some specific EAP mechanisms 
> 
> 
> 
> 
> Comments from the EAP chairs and the IESG suggest there is a strong
> desire to standardize some specific EAP mechanisms probably before the
> GUAM work is done.
> 
> I think this might be doable particularly if the EAP mechanisms
> standardized are things like eap-tls where there are already
> alternatives for other frameworks.  The issue is simply one of timing.
> 
> The original proposal was to do that work in the EAP working group and
> to (depending on BOF results) spin up secmech to do the more general
> work.
> 
> I'm uncomfortable with that work being done outside the security area.
> I'm also uncomfortable with two ongoing parallel efforts without
> strong coordination.
> 
> I propose that if we want to take that approach we standardize the
> specific mechanisms in the secmech group along with doing the more
> general work.  For timing reasons we might even need to prioritize
> some of the EAP work.  I think there are many advantages to doing so:
> 
> 1) We become more familiar with the requirements of EAP and 
> the same group of people doing general work get specific 
> practical experience.
> 
> 2) Since the same group of people are doing both the general and
>    specific work you are likely to get better sanity checking across
>    the projects.
> 
> 3) You make sure the efforts don't diverge.
> 
> 4) You leverage security review experience from the GSS and SASL
>    comnunities and practical deployment experience from the 
> EAP community.
> 
> If we take that approach, two things need to happen.  First, we need
> to get a specific set of mechanisms to standardize early into the
> charter.  Second, we would need at least one int-area chair--possibly
> one of the existing EAP chairs if willing to serve--by the time a WG
> is chartered.
> 
> Thanks for your consideration,
> 
> --Sam
> 
> 
> _______________________________________________
> SECMECH mailing list
> SECMECH@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/secmech
> 

_______________________________________________
SECMECH mailing list
SECMECH@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/secmech