PT-EAP: Posture Transport (PT) Protocol for Extensible Authentication Protocol (EAP) Tunnel Methods
Note: This ballot was opened for revision 08 and is now closed.
(Stephen Farrell) Yes
Barry Leiba Yes
Comment (2013-01-30 for -08)
-- Section 7 -- This document also defines one new IANA top-level registry: PT-EAP Versions. This section explains how this registry works. Because only eight (8) values are available in this registry, a high bar is set for new assignments. The only way to register new values in this registry is through Standards Action (via an approved Standards Track RFC). Thanks very much for including an explanation of your choice of registration policy. I really appreciate that. I have a very tiny, non-blocking point, of no significance other than tidiness of the IANA registries. From IANA's last-call comments: Second, a new registry is to be created. This registry will be called the "PT-EAP Versions" registry. The document requests that the be a top-level registry in the IANA Matrix. They're referring to the "new IANA top-level registry" bit above. Is there a good reason for this to have its own group on the main IANA page? I suggest this: There's a group called "TLS-based Posture Transport Protocol (PT-TLS)", which has the PT-TLS Error Codes and PT-TLS Message Types registries in it. Might it be reasonable to rename that group to "Posture Transport Protocols (PT-EAP and PT-TLS)", and to add this registry to that top-level group?
(Ron Bonica) No Objection
(Stewart Bryant) No Objection
(Gonzalo Camarillo) No Objection
(Benoît Claise) No Objection
(Ralph Droms) No Objection
(Wesley Eddy) No Objection
(Adrian Farrel) No Objection
(Brian Haberman) No Objection
(Russ Housley) No Objection
(Pete Resnick) No Objection
Comment (2013-02-04 for -08)
Section 5: The security requirements described in this specification MUST be implemented in any product claiming to be PT-EAP compliant. I couldn't tell *why* a product claiming to be PT-EAP compliant MUST implement the security requirements described in this specification. I think the abobe sentence could mean one of two things: 1. It means, "A product claiming to be PT-EAP compliant implements all of the security requirements described in this specification." That is to say, it's simply describing what it means to be compliant. If that's what is meant, say that; MUST isn't helping anything. 2. It means, "There are security requirements described in this specification that MUST be implemented because they are required for interoperability or to prevent harm." If that's what is meant, please list the particular sections these requirements appear, or list a summary of them here. Saying that I MUST do some things without telling me what specifically I MUST do is not helpful.
(Robert Sparks) No Objection
(Martin Stiemerling) No Objection
(Sean Turner) (was Discuss) No Objection
Thanks for dealing with my discuss.