| Review of draft-adrangi-eap-network-discovery-00.txt | <– Date –> <– Thread –> |
From: Bernard Aboba (aboba internaut.com)
|
|
| Date: Sun, 6 Jun 2004 12:39:49 -0400 (EDT) | |
This document is comprised of several major sections: 1. Introduction (problem statement) 2. Specification of the ABNF 3. Delivery options 4. Security Considerations Overall, it seems to me that the material in Section 1 could be slimmed down or eliminated entirely via reference to the EAP Network Selection problem statement document. For example, one of the figures in Section appears to be duplicated as Figure 3 in the problem statement draft, as is some of the discussion. The terminology section should define the terms "MN" and "HSN". There are a number of issues with Section 2: a. The CHAR, DIGIT and ALPHA terminals are not defined or referenced. b. Is "=" a legal character within value? c. Rather than referencing RFC 2486bis, a separate definition of "Realm" is used that differs from that in RFC 2486bis. Since there is already a normative reference to RFC 2486bis, referencing the definition of "Realm" in that document shouldn't be a big deal. Section 3 includes discussion of AAA behavior, including normative language that appears to update RFC 3579 and RFC 2607. It also contains suggestions for operator deployment. Both of these considerations don't seem necessary to me in a document of this type, which should focus on defining the EAP extension. Instead, I'd suggest that Section 3 be limited to discussion of EAP issues. Section 4 notes that the network information is a hint. This implies that existing implementations will ignore the hint, presumably without affecting interoperability. It also implies that the peer needs to be robust against misleading information, but this section does not describe the potential attacks or how a peer can guard against them. I'm not sure that the analogy to the SSID is a good one, unless it's being suggested that Channel Bindings be used to verify the network information after the fact. Section 6, references Assuming that discussion of AAA is eliminated in this document, then normative references ot RADIUS or Diameter should not be needed. The only normative references would then be to RFC 2234 (by the way, have you checked the ABNF??), RFC 3748 and RFC 2486bis.
-
Review of draft-adrangi-eap-network-discovery-00.txt Bernard Aboba, June 6 2004
-
RE: Review of draft-adrangi-eap-network-discovery-00.txt Adrangi, Farid, June 6 2004
- RE: Review of draft-adrangi-eap-network-discovery-00.txt Bernard Aboba, June 7 2004
- RE: Review of draft-adrangi-eap-network-discovery-00.txt Adrangi, Farid, June 7 2004
-
RE: Review of draft-adrangi-eap-network-discovery-00.txt Adrangi, Farid, June 6 2004
Results generated by Tiger Technologies using MHonArc.