>>>>> "Jim" == Jim Schaad <i...@augustcellars.com> writes:

    Jim> As was pointed out to me, the subject message on the message
    Jim> had the wrong draft name (even if the version number was
    Jim> right).

Thanks for the review.
I've addressed all the comments except:

1) I'm asking a co-author to help with your recommendations about
ascii-art

2) 
    >> 5.  In section 3.2.2 - Item #1 seems to be a hardship to get
    >> implemented and get right.  There is an easy argument that
    >> servers can have a policy configured about what inner methods
    >> can be used, but imposing it on the peer and making the
    >> configuration be server based can be problematic.  I think that
    >> this issue probably deserves more text.  How is the
    >> configuration updated and transferred to the peer.

The list of bullets is at the end of the section in a "recap".

I did add a sentence to the paragraph about peer policy pointing out
that it's difficult to configure this policy.
The difficulty of this sort of peer configuration is one of the main
reasons I think EMSK-based cryptographic binding is important.
So, I don't have any good answers.

I don't think making the configuration server-based is particularly
tricky; I think getting any EAP configuration at all beyond the minimal
to get things working to the peer is the hard part.
I'd expect most peers only interact with one EAP server.
Even when peers interact with multiple EAP servers the configuration
already tends to be server specific.

    >> 
    >> 6.  In section 3.2.4 - "then condition 3" need to tell me where
    >> condition 3 is - what section?

There's now a parenthetical defining condition 3; all the numbered
conditions are references back to 3.1.
I think with the parenthetical added the text is clear without adding a
section 3.1 reference to each numbered condition.

    >> 
    >> 8.  In section 3.3 - can the intended intermediary be on the
    >> other side - that is between the NAS and the authenticator
    >> rather than the peer and the NAS?  This is not clear from the
    >> text

It's always between the NAS and the home server.

Added clarification sentence.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu