Re: [Emu] EMU charter revision,

To: "Bernard Aboba" <bernard_aboba at hotmail.com>, <emu at ietf.org>
Subject: Re: [Emu] EMU charter revision,
From: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>
Date: Wed, 30 Apr 2008 10:32:41 -0700
Authentication-results: sj-dkim-1; header.From=jsalowey at cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Delivered-to: ietfarch-emu-web-archive at core3.amsl.com
Delivered-to: emu at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=2652; t=1209576712; x=1210440712; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey at cisco.com; z=From:=20=22Joseph=20Salowey=20(jsalowey)=22=20<jsalowey at ci sco.com> |Subject:=20RE=3A=20[Emu]=20EMU=20charter=20revision, |Sender:=20; bh=iYcN9fX+KESw3nDlnMRy+u50rHNKMECAzt5I+my9NnM=; b=BQEtCuxU3RAQUgtQduSup9I+8Tlt7KKYcJsClTXwyVfpc/Hrmru9Ql5wOf /ff4EzFh/2kkUBCuL7g6oUQzCfP2C8DYImSEyPB+tifbJUBVSAPDuwkhG4In irCw/kA31xx+dFP1V5wnhtHyeWPItmRgiCm3PjMfFm6fQ7yCaMZRs=;
In-reply-to: <BLU137-W255AAAC2F629AB366821993D90@phx.gbl>
List-archive: <http://www.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
References: <BLU137-W255AAAC2F629AB366821993D90@phx.gbl>
Sender: emu-bounces at ietf.org
Thread-index: AciqMkKiVF3DAopwS3it/91Ti19LXgAq8Y/Q
Thread-topic: [Emu] EMU charter revision,

 

> -----Original Message-----
> From: emu-bounces at ietf.org [mailto:emu-bounces at ietf.org] On 
> Behalf Of Bernard Aboba
> Sent: Tuesday, April 29, 2008 12:50 PM
> To: emu at ietf.org
> Subject: Re: [Emu] EMU charter revision,
> 
> In re-reading this charter, I still don't think we're quite there:
>  
> a.  Why is there still a charter item for EAP-TLS?  This work 
> has been completed, no? 
>  
[Joe] Yes it has. I originally argued to keep it in the charter for
historical reasons, but now it seems to make more sense to remove it. 

> b. Attempting to extend EAP-TLS to support tunneling or 
> channel bindings is not appropriate. EAP-TLS already widely 
> deployed, with large investments in conformance tests.  Given 
> the number of existing TLS-based tunneling protocols, such a 
> work item would serve no useful purpose.  Let's focus on 
> adding channel binding support to tunnel methods. 
>
[Joe] Jari had asked to keep this open to TLS.  I think he was
suggesting it could be done as a TLS extension and would not require
tunneling.  I agree that we do not want to extend EAP-TLS to do
tunneling. 

How about:

"- Enable a TLS-based EAP method to support channel bindings. This item
will not generate a new method, rather it will focus on supporting EAP 
channel bindings within the tunnel method.  The possiblity of adding
channel bindings to EAP-TLS through a TLS extension or other standard
TLS mechanism may also be investigated. " 
  
> c. To some extent, I agree with Dan and Yoav with respect to 
> the need for password-based methods.  Had such methods been 
> available earlier, it's questionable whether TLS tunneling 
> would have taken off to the extent that it has.  Also, I 
> think that such methods, if specified in the IETF, would be 
> likely to be widely deployed.  However, on the other hand I 
> think that this is really an issue for the entire security 
> area, not just for EMU.  So I'd suggest that this issue be 
> brought up in SAAG. 
>  
[Joe] I agree.  

> =====================================================================
> Below is a revision to the EMU charter that is intended to 
> reflect the discussions in the Philadelphia meeting.  Please 
> respond to the list if you approve of the charter or if you 
> have any comments on the charter.
> I would like to have responses by 4/24.
>  
> Thanks,
> Joe
>  
>  
> 
> 
_______________________________________________
Emu mailing list
Emu at ietf.org
https://www.ietf.org/mailman/listinfo/emu

Follow-Ups:
- Re: [Emu] EMU charter revision,
  - From: Bernard Aboba

References:
- Re: [Emu] EMU charter revision,
  - From: Bernard Aboba

Prev by Date: Re: [Emu] EMU charter revision
Next by Date: Re: [Emu] EMU charter revision,
Previous by thread: Re: [Emu] EMU charter revision,
Next by thread: Re: [Emu] EMU charter revision,
Index(es):
- Date
- Thread

Re: [Emu] EMU charter revision,

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.