Alan DeKok writes... > This is the first I've heard of an "implicit authentication > action" in this context.
We have NULL cipher-suites, why can't we have NULL authentication methods? > We're arguing over semantics. Yes. > Depending on who you are, it is "inappropriate" or "useful" to carry > that information in EAP. My opinion is that is both "useful" *and* "inappropriate". See my recent response to Steve Hanna's post. I think that either the EMU WG or NEA WG needs to seek to amend the "domain of applicability" for EAP to explicitly include transport of authorization-related data, and be done with it. That's the straightforward approach. It avoids the need to cling to alternate definitions of well understood terms. If you need to re-charter to gain that authority, then so be it. IMHO, this whole discussion looks like an end-run around the "domain of applicability" restrictions for EAP. Shall we take the high road here? At the very least, you could seek clarification from the IESG as to whether they think that the current "domain of applicability" for EAP embraces the "additional data" you want to include. After all, enforcement of "applicability statements" is a very hit or miss thing in the IETF. You may get lucky. :-) _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
