PANA Enabling IPsec based Access Control
draft-ietf-pana-ipsec-07

[Note]: 'New version needed based on security area review. WG also discussing where ipsec should fit in with respect to the base document.' added by Mark Townsley

PROTO Questionairre

Hello,



The PANA WG has completed working group last call on the following

I-D:

PANA Enabling IPsec based Access Control





Revision 7 of the I-D incorporates all the changes that resulted from

reviews by the WG and chairs. The I-D is ready for IESG review and

publication.



Status sought for the I-D: Standards track



1) Have the chairs personally reviewed this version of the ID and do

  they believe this ID is sufficiently baked to forward to the IESG

  for publication?



Yes. This I-D has been discussed extensively at WG meetings

previously as well.



2) Has the document had adequate review from both key WG members and

  key non-WG members? Do you have any concerns about the depth or

  breadth of the reviews that have been performed?



Yes. Chairs have sought I-D review from selected IETF people with

expertise in the area of security and other areas. A number of WG

members have also reviewed the draft. We are satisfied with the depth

of the review on this I-D.



3) Do you have concerns that the document needs more review from a

  particular (broader) perspective (e.g., security, operational

  complexity, someone familiar with AAA, etc.)?



No. The document has had sufficient cross-area review and no further

reviews from other areas are essential at this time.

 

4) Do you have any specific concerns/issues with this document that

  you believe the ADs and/or IESG should be aware of? For example,

  perhaps you are uncomfortable with certain parts of the document,

  or whether there really is a need for it, etc., but at the same

  time these issues have been discussed in the WG and the WG has

  indicated it wishes to advance the document anyway.



No issues of concerns with the I-D. It is ready for IESG review.

 

5) How solid is the WG consensus behind this document?  Does it

  represent the strong concurrence of a few individuals, with others

  being silent, or does the WG as a whole understand and agree with

  it?



Strong WG consensus exists behind this document. There has never been

any dispute about the need for this I-D and solution in the scope of

PANA. It is an integral part of the PANA protocol.



6) Has anyone threatened an appeal or otherwise indicated extreme

  discontent?  If so, please summarize what are they upset about.



No.

 

7) Have the chairs verified that the document adheres to _all_ of the

  ID nits?  (see http://www.ietf.org/ID-nits.html).



Chairs have verified for nits and ensured that it complies.

 

8) Does the document a) split references into normative/informative,

  and b) are there normative references to IDs, where the IDs are not

  also ready for advancement or are otherwise in an unclear state?

  (Note: the RFC editor will not publish an RFC with normative

  references to IDs, it will delay publication until all such IDs are

  also ready for publication as RFCs.)



The document does split references into normative and

informative. All references are valid and there are no invalid

pointers at this time.



9) For Standards Track and BCP documents, the IESG approval

  announcement includes a writeup section with the following

  sections:



  - Technical Summary



  PANA is a protocol for authenticating clients to the access network

  using IP based protocols.  The PANA protocol authenticates the

  client and also establishes a PANA security association between the

  PANA client and PANA authentication agent at the end of a

  successful authentication. 

  This document discusses the details for establishing an IPsec 

  security association using the PANA security association for enabling 

  IPsec based access control.



  - Working Group Summary

 

  The document has been presented at several IETF WG meetings and

  been discussed extensively on the mailing list as well. The

  document has been reviewed by a number of experts selected by the

  chairs and comprise people from different areas. The working group

  last call resulted in a few comments that have been addressed in

  the current version of the I-D. There is strong consensus in the WG

  to publish this I-D as a proposed standard.

 

  - Protocol Quality



  The document does not specify a new protocol. It specifies how

  IPsec can be applied within the scope of PANA for securing the link

  between the PaC and the PAA or access router. The I-D specifies the

  method by which an IPsec SA is established that is used for

  securing the traffic between the host (PaC) and the access

  network.

  No known implementations of this protocol exist at this time.





-Chairs

PROTO Questionairre

Hello,



The PANA WG has completed working group last call on the following

I-D:

PANA Enabling IPsec based Access Control





Revision 7 of the I-D incorporates all the changes that resulted from

reviews by the WG and chairs. The I-D is ready for IESG review and

publication.



Status sought for the I-D: Standards track



1) Have the chairs personally reviewed this version of the ID and do

  they believe this ID is sufficiently baked to forward to the IESG

  for publication?



Yes. This I-D has been discussed extensively at WG meetings

previously as well.



2) Has the document had adequate review from both key WG members and

  key non-WG members? Do you have any concerns about the depth or

  breadth of the reviews that have been performed?



Yes. Chairs have sought I-D review from selected IETF people with

expertise in the area of security and other areas. A number of WG

members have also reviewed the draft. We are satisfied with the depth

of the review on this I-D.



3) Do you have concerns that the document needs more review from a

  particular (broader) perspective (e.g., security, operational

  complexity, someone familiar with AAA, etc.)?



No. The document has had sufficient cross-area review and no further

reviews from other areas are essential at this time.

 

4) Do you have any specific concerns/issues with this document that

  you believe the ADs and/or IESG should be aware of? For example,

  perhaps you are uncomfortable with certain parts of the document,

  or whether there really is a need for it, etc., but at the same

  time these issues have been discussed in the WG and the WG has

  indicated it wishes to advance the document anyway.



No issues of concerns with the I-D. It is ready for IESG review.

 

5) How solid is the WG consensus behind this document?  Does it

  represent the strong concurrence of a few individuals, with others

  being silent, or does the WG as a whole understand and agree with

  it?



Strong WG consensus exists behind this document. There has never been

any dispute about the need for this I-D and solution in the scope of

PANA. It is an integral part of the PANA protocol.



6) Has anyone threatened an appeal or otherwise indicated extreme

  discontent?  If so, please summarize what are they upset about.



No.

 

7) Have the chairs verified that the document adheres to _all_ of the

  ID nits?  (see http://www.ietf.org/ID-nits.html).



Chairs have verified for nits and ensured that it complies.

 

8) Does the document a) split references into normative/informative,

  and b) are there normative references to IDs, where the IDs are not

  also ready for advancement or are otherwise in an unclear state?

  (Note: the RFC editor will not publish an RFC with normative

  references to IDs, it will delay publication until all such IDs are

  also ready for publication as RFCs.)



The document does split references into normative and

informative. All references are valid and there are no invalid

pointers at this time.



9) For Standards Track and BCP documents, the IESG approval

  announcement includes a writeup section with the following

  sections:



  - Technical Summary



  PANA is a protocol for authenticating clients to the access network

  using IP based protocols.  The PANA protocol authenticates the

  client and also establishes a PANA security association between the

  PANA client and PANA authentication agent at the end of a

  successful authentication. 

  This document discusses the details for establishing an IPsec 

  security association using the PANA security association for enabling 

  IPsec based access control.



  - Working Group Summary

 

  The document has been presented at several IETF WG meetings and

  been discussed extensively on the mailing list as well. The

  document has been reviewed by a number of experts selected by the

  chairs and comprise people from different areas. The working group

  last call resulted in a few comments that have been addressed in

  the current version of the I-D. There is strong consensus in the WG

  to publish this I-D as a proposed standard.

 

  - Protocol Quality



  The document does not specify a new protocol. It specifies how

  IPsec can be applied within the scope of PANA for securing the link

  between the PaC and the PAA or access router. The I-D specifies the

  method by which an IPsec SA is established that is used for

  securing the traffic between the host (PaC) and the access

  network.

  No known implementations of this protocol exist at this time.





-Chairs