eap Mailing List: RE: [eap]: questions on AAA key management draft

[Nakhjiri Madjid-MNAKHJI1 (Madjid.Nakhjiri]

Hi Bernard, 

Please see inlines,

Regards,

Madjid

<snip>
At the point when Russ gave his talk at IETF 56, no IETF specification
involving AAA-based key management had ever been approved for
publication as an IETF Proposed Standard, though many had tried.
Therefore one of the key questions that we were trying to answer was
"What is the bar for AAA-based key management proposals seeking
approval?"  

Madjid>>I think with the EAP keying going on standards track, the bar
must have been raised, no? So where do we stand now?

The "AAA Key Management" document attempts to describe the requirements
that specifications need to meet in order to be published as IETF
Proposed Standards. 

Since the requirements are generic, they apply to the EAP Key Framework
document as well as any other document.  Specifically, in order to
enable its publication, the EAP Key Framework document needs to
demonstrate that EAP, along with AAA and Secure Association Protocols,
can meet the requirements described in the document. 

Madjid>> Makes sense. However, do you agree with the points on the needs
for further clarification as I raised in my email. I understand that
Russ and yourself are busy, is it possible to provide revisions with
more clarifications? I can volunteer for help if needed.

Note that the details of that proof are out of scope of the "AAA Key
Management Requirements" document, but very  much in scope for the EAP
Key Framework document.

Madjid>> agreed.