Sam,
What I'm proposing is, the charter also includes text for
- mentioning the concept of in-band and out-band EAP use for app security;
- stating the WG will "consider" proposals for out-band solutions.
I'm not seeking locking in to a solution like what is being done for the
in-band approach, hence I do not understand why a solution I-D has to be
referenced for what I'm seeking above.
As you see there have been examples of out-band solution discussed in IETF
since 2004. This is not an over-nite thing we scribbled on a napkin. On my
part, I failed to follow up with the work (having missed the bar bof, and
mailing list discussions); but I think chairs failed to provide a balanced
view on the solution space as at least you have been well aware of out-band
approaches. I think this distinction deserved recognition and discussion in
the group.
Anyways, my proposal above is not radical. It just opens the door for
discussions without committing the WG to deliver a specific solution, or
even any solution (see I said "consider" above).
I think this is more productive then asking us to wrestle with a
re-chartering barrier.
Alper
> -----Original Message-----
> From: Moonshot community list [mailto:MOONSHOT-
> [log in to unmask]] On Behalf Of Sam Hartman
> Sent: Wednesday, July 28, 2010 6:15 PM
> To: [log in to unmask]
> Subject: Re: Charter
>
> I'm very open to the idea of adding a specific out-of-band solution to
> the charter as well as other specific in-band solutions to the charter
> after the community (either a BOF or this WG) has evaluated those
> proposals.
> so, I think it would be entirely reasonable for you to put together a
> proposal for an out-of-band solution for us to consider adding to the
> charter in IETF 79.
> I strongly support adding text to the charter to make that clear.
>
> My moderately strong preference is that this WG explicitly enumerate
> the
> solutions (in-band or out-of-band) it is currently working on in its
> charter. so, I would not support opening it up quite as much as you
> want. Basically I'm asking you to meet the same bar we met with the
> current solution: get in front of a room, present the solution, and
> have
> people interested in working on it. If you can do that, adding it to
> the charter seems entirely reasonable.
>
> That's also true for those who want to have a mechanism for using a
> network access authentication tobootstrap application authentication.
>
> --Sam
|