Re: [Emu] EAP and authorization

To: Dave Nelson <d.b.nelson at comcast.net>
Subject: Re: [Emu] EAP and authorization
From: Alan DeKok <aland at deployingradius.com>
Date: Wed, 12 Aug 2009 16:43:00 +0200
Cc: emu at ietf.org
Delivered-to: emu at core3.amsl.com
In-reply-to: <111EFB0EC0224D21B64121456DAB1D4C at NEWTON603>
List-archive: <http://www.ietf.org/mail-archive/web/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update $EMU$" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
References: <012d01ca1763$496a12d0$dc3e3870$ at yegin@yegin.org> <4A819BD1.90802 at deployingradius.com> <008f01ca1aad$137353b0$3a59fb10$ at net><4A81BA2B.1090400 at deployingradius.com><AC6674AB7BC78549BB231821ABF7A9AE8E777157FB at EMBX01-WF.jnpr.net><00c301ca1ac3$8a0af800$9e20e800$ at net><4A81EBBB.7040507 at deployingradius.com><012a01ca1b05$53ffa610$fbfef230$ at net> <4A824F85.6080307 at deployingradius.com> <144465FACC914EA48639B7CACC77C68D at NEWTON603> <4A82C45A.2030605 at deployingradius.com> <111EFB0EC0224D21B64121456DAB1D4C at NEWTON603>
User-agent: Thunderbird 2.0.0.22 (Macintosh/20090605)

Dave Nelson wrote:
>>   This is the first I've heard of an "implicit authentication 
>> action" in this context.
> 
> We have NULL cipher-suites, why can't we have NULL authentication methods?  

  Yes, but it means we are far afield of the original discussion.

> My opinion is that is both "useful" *and* "inappropriate".  See my recent
> response to Steve Hanna's post.  I think that either the EMU WG or NEA WG
> needs to seek to amend the "domain of applicability" for EAP to explicitly
> include transport of authorization-related data, and be done with it.

  That's clear enough.

> That's the straightforward approach.   It avoids the need to cling to
> alternate definitions of well understood terms.  If you need to re-charter
> to gain that authority, then so be it.  IMHO, this whole discussion looks
> like an end-run around the "domain of applicability" restrictions for EAP.

  I agree it does look that way.  I don't even think that's a wrong
characterization of the issue.

> Shall we take the high road here?  At the very least, you could seek
> clarification from the IESG as to whether they think that the current
> "domain of applicability" for EAP embraces the "additional data" you want to
> include.  After all, enforcement of "applicability statements" is a very hit
> or miss thing in the IETF.  You may get lucky.  :-)

  I would prefer to get WG consensus first.  If the WG believes it's a
good idea, the re-chartering process becomes simpler.

  Alan DeKok.

Follow-Ups:
- Re: [Emu] EAP and authorization
  - From: Stefan Winter

References:
- [Emu] EAP and authorization
  - From: Alper Yegin
- Re: [Emu] EAP and authorization
  - From: Alan DeKok
- Re: [Emu] EAP and authorization
  - From: Glen Zorn
- Re: [Emu] EAP and authorization
  - From: Alan DeKok
- Re: [Emu] EAP and authorization
  - From: Stephen Hanna
- Re: [Emu] EAP and authorization
  - From: Glen Zorn
- Re: [Emu] EAP and authorization
  - From: Alan DeKok
- Re: [Emu] EAP and authorization
  - From: Glen Zorn
- Re: [Emu] EAP and authorization
  - From: Alan DeKok
- Re: [Emu] EAP and authorization
  - From: Dave Nelson
- Re: [Emu] EAP and authorization
  - From: Alan DeKok
- Re: [Emu] EAP and authorization
  - From: Dave Nelson

Prev by Date: Re: [Emu] EAP and authorization
Next by Date: Re: [Emu] EAP and authorization
Previous by thread: Re: [Emu] EAP and authorization
Next by thread: Re: [Emu] EAP and authorization
Index(es):
- Date
- Thread

Re: [Emu] EAP and authorization

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.