eap Mailing List: Re: [eap]: questions on AAA key management draft

[Bernard Aboba (bernard_aboba]

> First of all I appreciate Bernard and Russ providing guidance for the
> community and am wondering if there is a plan for sequels? And I don't
> know which WG this draft was targeted for? AAA WG maybe?

The document was intended to provide guidance for the IETF as a whole,
though it originated from a talk that Russ gave in the AAA WG at IETF 56.

> I am drawing parallels
> between this draft and EAP keying drafts based on the following (may
> that is not the intention).

At the point when Russ gave his talk at IETF 56, no IETF specification
involving AAA-based key management had ever been approved for publication
as an IETF Proposed Standard, though many had tried.  Therefore one of the
key questions that we were trying to answer was "What is the bar for
AAA-based key management proposals seeking approval?"

The "AAA Key Management" document attempts to describe the requirements
that specifications need to meet in order to be published as IETF Proposed
Standards.

Since the requirements are generic, they apply to the EAP Key Framework
document as well as any other document.  Specifically, in order to enable
its publication, the EAP Key Framework document needs to demonstrate that
EAP, along with AAA and Secure Association Protocols, can meet the
requirements described in the document.

Note that the details of that proof are out of scope of the "AAA Key
Management Requirements" document, but very  much in scope for the EAP Key
Framework document.