EMU met on Monday afternoon, with a reasonable attendance. The charter items are making progress, but the work is slow * tunnel requirements - 5 people had read it. * channel bindings ~2 people had read it. We need to have more participation before we can move these items forward. There was a lot of discussion around the zero-knowledge password schemes (EAP-EKE and EAP-PWD). Much of the discussion was around issues outside of EMU, and won't be summarized here. There were two presentations on authorization with EAP. The general feeling was that these items would likely not be appropriate for EMU. A similar issue exists with the tunnel requirements document. The "method chaining" can be used to chain authentications. It can also be used to perform policy checks (e.g. NEA). This looks a lot like authorization, and concerns were raised during the meeting about it. These issues need to be clarified so that we can reach consensus on what is being standardized, and what it does. Alan DeKok.
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.