Skip to main content

Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)
draft-haverinen-pppext-eap-sim-16

Revision differences

Document history

Date Rev. By Action
2012-08-22
16 (System) post-migration administrative database adjustment to the No Objection position for Sam Hartman
2012-08-22
16 (System) post-migration administrative database adjustment to the No Objection position for Russ Housley
2005-10-25
(System) Posted related IPR disclosure: Nokia Corporation's statement about IPR claimed in draft-arkko-pppext-eap-aka-15.txt
2005-02-10
16 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2005-02-10
16 Amy Vezza [Note]: '2005-02-09: IANA questions resolved; document can (finally!) be
approved.
' added by Amy Vezza
2005-02-09
16 Amy Vezza IESG state changed to Approved-announcement sent
2005-02-09
16 Amy Vezza IESG has approved the document
2005-02-09
16 Amy Vezza Closed "Approve" ballot
2005-02-09
16 Thomas Narten State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Thomas Narten
2005-02-09
16 Thomas Narten [Note]: '
2005-02-09: IANA questions resolved; document can (finally!) be
approved.
' added by Thomas Narten
2005-01-03
16 Russ Housley [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss by Russ Housley
2004-12-29
16 Sam Hartman [Ballot Position Update] Position for Sam Hartman has been changed to No Objection from Discuss by Sam Hartman
2004-12-28
16 Russ Housley
[Ballot discuss]
My original concern was:

  I have concerns about the security of these in many environments.  It
  seems like these were designed …
[Ballot discuss]
My original concern was:

  I have concerns about the security of these in many environments.  It
  seems like these were designed for a particular threat environment, but
  making them available as EAP methods makes it very easy for them to be
  used in inappropriate environments.

  The note from Thomas indicates that the IETF has not done a complete
  review, and it will not do a security review.  I believe that we should
  add an IESG note that documents the situation.

A proposed IESG note was added to the document.  However, I think the
note should also say that it is infeasible to evaluate the security of
the protocols without specification of all cryptographic algorithms used.
The cryptographic algorithms are included by reference to documents that
are not readily available.
2004-12-28
16 Russ Housley
[Ballot discuss]
My original concer was:

  I have concerns about the security of these in many environments.  It
  seems like these were designed …
[Ballot discuss]
My original concer was:

  I have concerns about the security of these in many environments.  It
  seems like these were designed for a particular threat environment, but
  making them available as EAP methods makes it very easy for them to be
  used in inappropriate environments.

  The note from Thomas indicates that the IETF has not done a complete
  review, and it will not do a security review.  I believe that we should
  add an IESG note that documents the situation.

A proposed IESG note was added to the document.  However, I think the
note should also say that it is infeasible to evaluate the security of
the protocols without specification of all cryptographic algorithms used.
The cryptographic algorithms are included by reference to documents that
are not readily available.
2004-12-28
16 Russ Housley
[Ballot discuss]
My opiginal concer was:

  I have concerns about the security of these in many environments.  It
  seems like these were designed …
[Ballot discuss]
My opiginal concer was:

  I have concerns about the security of these in many environments.  It
  seems like these were designed for a particular threat environment, but
  making them available as EAP methods makes it very easy for them to be
  used in inappropriate environments.

  The note from Thomas indicates that the IETF has not done a complete
  review, and it will not do a security review.  I believe that we should
  add an IESG note that documents the situation.

A proposed IESG note was added to the document.  However, I think the
note should also say that it is infeasible to evaluate the security of
the protocols without specification of all cryptographic algorithms used.
The cryptographic algorithms are included by reference to documents that
are not readily available.
2004-12-27
16 (System) New version available: draft-haverinen-pppext-eap-sim-16.txt
2004-12-03
16 (System) Removed from agenda for telechat - 2004-12-02
2004-12-02
16 Amy Vezza State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza
2004-12-02
16 Allison Mankin [Ballot Position Update] New position, No Objection, has been recorded for Allison Mankin by Allison Mankin
2004-12-02
16 Russ Housley
[Ballot discuss]
I have concerns about the security of these in many environments.  It
  seems like these were designed for a particular threat environment, …
[Ballot discuss]
I have concerns about the security of these in many environments.  It
  seems like these were designed for a particular threat environment, but
  making them available as EAP methods makes it very easy for them to be
  used in inappropriate environments.

  The note from Thomas indicates that the IETF has not done a complete
  review, and it will not do a security review.  I believe that we should
  add an IESG note that documents the situation.
2004-12-02
16 Russ Housley [Ballot Position Update] New position, Discuss, has been recorded for Russ Housley by Russ Housley
2004-12-02
16 Michelle Cotton
IANA Comments:
We understand that the only IANA Action for this document is to change
the reference for EAP Method Type value 18 (Nokia IP …
IANA Comments:
We understand that the only IANA Action for this document is to change
the reference for EAP Method Type value 18 (Nokia IP smart card
authentication) in the following registry:
2004-12-02
16 Harald Alvestrand
[Ballot comment]
Reviewed by John Loughney, Gen-ART

His review:

First off, conflict of interest statement: I work with the editor, and
my company has deployed …
[Ballot comment]
Reviewed by John Loughney, Gen-ART

His review:

First off, conflict of interest statement: I work with the editor, and
my company has deployed solutions based upon this draft.

That out of the way, I think this is ready for publication.  This
solution is being deployed in some networks, and it is needed by 3GPP.

The document is well written and basically I couldn't find any real
nits to complain about, and as I understand Bernard Aboba has done an
extensive review with respect to EAP usage, so I will assume his
review covered EAP/Authentication/Authorization mechanisms.

The draft is quite lengthy (91 pages) but much of the document also
covers background GSM material - I note the -00 draft was just 14
pages.
2004-12-02
16 Harald Alvestrand [Ballot Position Update] New position, No Objection, has been recorded for Harald Alvestrand by Harald Alvestrand
2004-12-02
16 Margaret Cullen [Ballot Position Update] New position, No Objection, has been recorded for Margaret Wasserman by Margaret Wasserman
2004-12-01
16 Scott Hollenbeck [Ballot Position Update] New position, No Objection, has been recorded for Scott Hollenbeck by Scott Hollenbeck
2004-12-01
16 Sam Hartman
[Ballot discuss]
My discuss for eap-aka also applies.  It is repeated below. There seem to be two types of mutual authentication in the EAP
community.  …
[Ballot discuss]
My discuss for eap-aka also applies.  It is repeated below. There seem to be two types of mutual authentication in the EAP
community.  Some EAP methods authenticate the identity of the
authenticator while other methods that provide mutual authentication
only authenticate the identity of the EAP server.  RFC 3748 seems a
bit unclear on this distinction although the issue appears to be under
active discussion in the working group.


As best I can tell, this method only authenticates the identity of the
EAP server.  If true, section 11.3 should be revised.
2004-12-01
16 Sam Hartman [Ballot Position Update] New position, Discuss, has been recorded for Sam Hartman by Sam Hartman
2004-11-30
16 Thomas Narten [Ballot Position Update] New position, Yes, has been recorded for Thomas Narten
2004-11-30
16 Thomas Narten Ballot has been issued by Thomas Narten
2004-11-30
16 Thomas Narten Created "Approve" ballot
2004-11-30
16 (System) Ballot writeup text was added
2004-11-30
16 (System) Last call text was added
2004-11-30
16 (System) Ballot approval text was added
2004-11-29
15 (System) New version available: draft-haverinen-pppext-eap-sim-15.txt
2004-11-24
16 Thomas Narten Placed on agenda for telechat - 2004-12-02 by Thomas Narten
2004-11-24
16 Thomas Narten State Changes to IESG Evaluation from AD Evaluation by Thomas Narten
2004-11-24
16 Thomas Narten
[Note]: '2004-11-23: Ready for full IESG review (when -15 appears). Note:
needed by 3GPP; document has been reviewed by EAP WG for conformance
with EAP, …
[Note]: '2004-11-23: Ready for full IESG review (when -15 appears). Note:
needed by 3GPP; document has been reviewed by EAP WG for conformance
with EAP, but security properties have not (and will not) be
reviewed. Document has been submitted a independent submission to RFC
Editor, but 3GPP (via liaison discussions) has requested that the
document be reviewed by IETF for conformance with EAP.
' added by Thomas Narten
2004-10-28
14 (System) New version available: draft-haverinen-pppext-eap-sim-14.txt
2004-09-01
16 Thomas Narten
[Note]: '2004-09-01: Needed by 3GPP; will be reviewed by EAP WG for conformance
with EAP, but security properties will not be reviewed. Document has
been …
[Note]: '2004-09-01: Needed by 3GPP; will be reviewed by EAP WG for conformance
with EAP, but security properties will not be reviewed. Document has
been submitted a independent submission to RFC Editor, but 3GPP (via
liaison discussions) has requested that the document be reviewed by
IETF, hence I''m shepherding.
' added by Thomas Narten
2004-09-01
16 Thomas Narten Draft Added by Thomas Narten in state AD Evaluation
2004-04-09
13 (System) New version available: draft-haverinen-pppext-eap-sim-13.txt
2003-10-28
12 (System) New version available: draft-haverinen-pppext-eap-sim-12.txt
2003-10-21
(System) Posted related IPR disclosure: Nokia's Statement about IPR Claimed in draft-haverinen-pppext-eap-sim
2003-06-30
11 (System) New version available: draft-haverinen-pppext-eap-sim-11.txt
2003-03-03
10 (System) New version available: draft-haverinen-pppext-eap-sim-10.txt
2003-01-17
09 (System) New version available: draft-haverinen-pppext-eap-sim-09.txt
2002-12-20
08 (System) New version available: draft-haverinen-pppext-eap-sim-08.txt
2002-12-11
(System) Posted related IPR disclosure: Nokia's's Patent statement pertaining to draft-haverinen-pppext-eap-sim-07.txt and draft-arkko-pppext-eap-aka-06.txt
2002-11-07
07 (System) New version available: draft-haverinen-pppext-eap-sim-07.txt
2002-10-25
(System) Posted related IPR disclosure: Nokia's Patent claim pertaining to draft-haverinen-pppext-eap-sim
2002-10-03
06 (System) New version available: draft-haverinen-pppext-eap-sim-06.txt
2002-07-01
05 (System) New version available: draft-haverinen-pppext-eap-sim-05.txt
2002-06-07
04 (System) New version available: draft-haverinen-pppext-eap-sim-04.txt
2002-02-28
03 (System) New version available: draft-haverinen-pppext-eap-sim-03.txt
2001-11-21
02 (System) New version available: draft-haverinen-pppext-eap-sim-02.txt
2001-04-11
01 (System) New version available: draft-haverinen-pppext-eap-sim-01.txt
2001-02-23
00 (System) New version available: draft-haverinen-pppext-eap-sim-00.txt