PT-EAP: Posture Transport (PT) Protocol for Extensible Authentication Protocol (EAP) Tunnel Methods
draft-ietf-nea-pt-eap-09

Note: This ballot was opened for revision 08 and is now closed.

(Stephen Farrell) Yes

Barry Leiba Yes

Comment (2013-01-30 for -08)
No email
send info
-- Section 7 --
   This document also defines one new IANA top-level registry: PT-EAP
   Versions.  This section explains how this registry works.  Because
   only eight (8) values are available in this registry, a high bar is
   set for new assignments.  The only way to register new values in this
   registry is through Standards Action (via an approved Standards Track
   RFC).

Thanks very much for including an explanation of your choice of registration 
policy.  I really appreciate that.

I have a very tiny, non-blocking point, of no significance other than tidiness of
the IANA registries.  From IANA's last-call comments:

   Second, a new registry is to be created. This registry will be called
   the "PT-EAP Versions" registry. The document requests that the be a
   top-level registry in the IANA Matrix.

They're referring to the "new IANA top-level registry" bit above.
Is there a good reason for this to have its own group on the main IANA page?  
I suggest this:

There's a group called "TLS-based Posture Transport Protocol (PT-TLS)", 
which has the PT-TLS Error Codes and PT-TLS Message Types registries in it.  
Might it be reasonable to rename that group to "Posture Transport Protocols 
(PT-EAP and PT-TLS)", and to add this registry to that top-level group?

(Ron Bonica) No Objection

(Stewart Bryant) No Objection

(Gonzalo Camarillo) No Objection

(Benoît Claise) No Objection

(Ralph Droms) No Objection

(Wesley Eddy) No Objection

(Adrian Farrel) No Objection

(Brian Haberman) No Objection

(Russ Housley) No Objection

(Pete Resnick) No Objection

Comment (2013-02-04 for -08)
No email
send info
Section 5:

   The security requirements described in this specification MUST be
   implemented in any product claiming to be PT-EAP compliant.

I couldn't tell *why* a product claiming to be PT-EAP compliant MUST implement the security requirements described in this specification. I think the abobe sentence could mean one of two things:

1. It means, "A product claiming to be PT-EAP compliant implements all of the security requirements described in this specification." That is to say, it's simply describing what it means to be compliant. If that's what is meant, say that; MUST isn't helping anything.

2. It means, "There are security requirements described in this specification that MUST be implemented because they are required for interoperability or to prevent harm." If that's what is meant, please list the particular sections these requirements appear, or list a summary of them here. Saying that I MUST do some things without telling me what specifically I MUST do is not helpful.

(Robert Sparks) No Objection

(Martin Stiemerling) No Objection

(Sean Turner) (was Discuss) No Objection

Comment (2013-03-29)
No email
send info
Thanks for dealing with my discuss.