[HOKEY] Publication request: draft-ietf-hokey-key-mgm

["Glen Zorn" <gwz at net-zen.net>]

The hokey WG requested the publication of Distribution of EAP based keys for
handover and re-authentication
(http://www.ietf.org/internet-drafts/draft-ietf-hokey-key-mgm-08.txt) as a
Proposed Standard RFC.  The proto write-up follows.


    (1.a) Who is the Document Shepherd for this document? Has the 
          Document Shepherd personally reviewed this version of the 
          document and, in particular, does he or she believe this 
          version is ready for forwarding to the IESG for publication? 
Glen Zorn is the document shepherd.  He has personally reviewed the document
and believes that it is ready to be forwarded to the IESG.

    (1.b) Has the document had adequate review both from key WG members 
          and from key non-WG members? Does the Document Shepherd have 
          any concerns about the depth or breadth of the reviews that 
          have been performed? 
Adequate review, no concerns.

    (1.c) Does the Document Shepherd have concerns that the document 
          needs more review from a particular or broader perspective, 
          e.g., security, operational complexity, someone familiar with 
          AAA, internationalization or XML? 
No.

    (1.d) Does the Document Shepherd have any specific concerns or 
          issues with this document that the Responsible Area Director 
          and/or the IESG should be aware of? For example, perhaps he 
          or she is uncomfortable with certain parts of the document, or 
          has concerns whether there really is a need for it. In any 
          event, if the WG has discussed those issues and has indicated 
          that it still wishes to advance the document, detail those 
          concerns here. Has an IPR disclosure related to this document 
          been filed? If so, please include a reference to the 
          disclosure and summarize the WG discussion and conclusion on 
          this issue. 
My only concern is whether the document should be on the Standards track or
if BCP would be a better classification: the original document was less
abstract & more RADIUS-specific & so Standards Track made some sense; I'm
not so sure about this version.  No IPR disclosures have been made.

    (1.e) How solid is the WG consensus behind this document? Does it 
          represent the strong concurrence of a few individuals, with 
          others being silent, or does the WG as a whole understand and 
          agree with it? 
The WG has been asked to review the document.  A few issues were raised and
dealt with.  The WG Chairs did not attempt to force the WG members to
specifically approve of the document, preferring to rely upon the
millenia-old convention that silence signifies assent.

    (1.f) Has anyone threatened an appeal or otherwise indicated extreme 
          discontent? If so, please summarise the areas of conflict in 
          separate email messages to the Responsible Area Director. (It 
          should be in a separate email because this questionnaire is 
          entered into the ID Tracker.) 
No.

    (1.g) Has the Document Shepherd personally verified that the 
          document satisfies all ID nits? (See 
          http://www.ietf.org/ID-Checklist.html and 
          http://tools.ietf.org/tools/idnits/). Boilerplate checks are 
          not enough; this check needs to be thorough. Has the document 
          met all formal review criteria it needs to, such as the MIB 
          Doctor, media type and URI type reviews? 
Yes.

    (1.h) Has the document split its references into normative and 
          informative? Are there normative references to documents that 
          are not ready for advancement or are otherwise in an unclear 
          state? If such normative references exist, what is the 
          strategy for their completion? Are there normative references 
          that are downward references, as described in [RFC3967]? If 
          so, list these downward references to support the Area 
          Director in the Last Call procedure for them [RFC3967]. 
The references look fine.

    (1.i) Has the Document Shepherd verified that the document IANA 
          consideration section exists and is consistent with the body 
          of the document? If the document specifies protocol 
          extensions, are reservations requested in appropriate IANA 
          registries? Are the IANA registries clearly identified? If 
          the document creates a new registry, does it define the 
          proposed initial contents of the registry and an allocation 
          procedure for future registrations? Does it suggest a 
          reasonable name for the new registry? See [RFC5226]. If the 
          document describes an Expert Review process has Shepherd 
          conferred with the Responsible Area Director so that the IESG 
          can appoint the needed Expert during the IESG Evaluation? 
The document makes no demands upon the IANA.

    (1.j) Has the Document Shepherd verified that sections of the 
          document that are written in a formal language, such as XML 
          code, BNF rules, MIB definitions, etc., validate correctly in 
          an automated checker? 
N/A.

    (1.k) The IESG approval announcement includes a Document 
          Announcement Write-Up. Please provide such a Document 
          Announcement Write-Up? Recent examples can be found in the
          "Action" announcements for approved documents. The approval 
          announcement contains the following sections: 
          Technical Summary 
             Relevant content can frequently be found in the abstract 
             and/or introduction of the document. If not, this may be 
             an indication that there are deficiencies in the abstract 
             or introduction. 
          Working Group Summary 
             Was there anything in WG process that is worth noting? For 
             example, was there controversy about particular points or 
             were there decisions where the consensus was particularly 
             rough? 
          Document Quality 
             Are there existing implementations of the protocol? Have a 
             significant number of vendors indicated their plan to 
             implement the specification? Are there any reviewers that 
             merit special mention as having done a thorough review, 
             e.g., one that resulted in important changes or a 
             conclusion that the document had no substantive issues? If 
             there was a MIB Doctor, Media Type or other expert review, 
             what was its course (briefly)? In the case of a Media Type 
             review, on what date was the request posted? 
Technical Summary 
   This document describes a mechanism for delivering root keys from an
   Extensible Authentication Protocol (EAP) server to another network
   server that requires the keys for offering security protected
   services, such as re-authentication, to an EAP peer.  The distributed
   root key can be either a usage-specific root key (USRK), a domain-
   specific root key (DSRK) or a domain-specific usage-specific root key
   (DSUSRK) that has been derived from an Extended Master Session Key
   (EMSK) hierarchy previously established between the EAP server and an
   EAP peer.  The document defines a key distribution exchange (KDE)
   protocol that can distribute these different types of root keys over
   AAA and discusses its security requirements.

Working Group Summary 
   The hokey WG has reviewed the document without particular controversy.

Document Quality
   The document is of high quality and well written.