Protocol for Carrying Authentication and Network Access (PANA) Threat Analysis and Security Requirements
Note: This ballot was opened for revision 07 and is now closed.
(Thomas Narten) Yes
(Steven Bellovin) (was Discuss) No Objection
(Bill Fenner) No Objection
(Ted Hardie) No Objection
Comment (2004-06-23 for -)
No further blocking objections. Two smaller points: The draft uses co-located to mean something far beyond "in the same place", and I'd suggest expanding on the term or looking for another that covers the ground a bit better. The "service theft" threat implies a threat to other systems which is not necessarily present in other threats--someone taking over another's IP address and MAC may also be authorized by weak schemes at upper layers that rely on those; further, it opens the possibility of attempts to take over other existing flows. This draft doesn't need to cover that, but some text pointing to the possibility might be useful
(David Kessens) No Objection
(Jon Peterson) No Objection
(Alex Zinin) No Objection
(Russ Housley) No Record
Comment (2004-06-24 for -)
Please update the Abstract so that it starts with the point of the document, rather than the point of the working group. I propose: This document discusses the threats to protocols used to carry authentication for IP network access. The security requirements arising out of these threats will be used as additional input to the PANA (Protocol for Carrying Authentication for Network Access) Working Group for designing the IP-based network access authentication protocol.