Protocol for Carrying Authentication and Network Access (PANA) Threat Analysis and Security Requirements
Note: This ballot was opened for revision 07 and is now closed.
(Thomas Narten; former steering group member) Yes
(Alex Zinin; former steering group member) No Objection
(Bill Fenner; former steering group member) No Objection
(David Kessens; former steering group member) No Objection
(Jon Peterson; former steering group member) No Objection
(Steven Bellovin; former steering group member) (was Discuss) No Objection
(Ted Hardie; former steering group member) No Objection
No further blocking objections. Two smaller points: The draft uses co-located to mean something far beyond "in the same place", and I'd suggest expanding on the term or looking for another that covers the ground a bit better. The "service theft" threat implies a threat to other systems which is not necessarily present in other threats--someone taking over another's IP address and MAC may also be authorized by weak schemes at upper layers that rely on those; further, it opens the possibility of attempts to take over other existing flows. This draft doesn't need to cover that, but some text pointing to the possibility might be useful
(Russ Housley; former steering group member) No Record
Please update the Abstract so that it starts with the point of the document, rather than the point of the working group. I propose: This document discusses the threats to protocols used to carry authentication for IP network access. The security requirements arising out of these threats will be used as additional input to the PANA (Protocol for Carrying Authentication for Network Access) Working Group for designing the IP-based network access authentication protocol.