Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol
Note: This ballot was opened for revision 02 and is now closed.
(Russ Housley) Yes
(Jari Arkko) No Objection
> Using multiple independent EAP > conversations is similar to the separate Network Access Provider > (NAP) and Internet Service Provider (ISP) authentication exchanges in > [PANA]. The PANA WG is discussing the removal of this option. Consider removing/reword this part to avoid confusion.
(Ross Callon) No Objection
(Brian Carpenter) No Objection
(Lisa Dusseault) No Objection
(Lars Eggert) No Objection
Section 1., paragraph 4: > To take an another example, when an operator is hosting a VPN gateway > service for a third party, it may be necessary to authenticate the > client to both the operator (for billing purposes) and the third > party's AAA server (for authorizing access to the third party's > internal network). Nit: s/an another/another/
(Ted Hardie) No Objection
(Sam Hartman) (was Discuss) No Objection
(Cullen Jennings) No Objection
(David Kessens) No Objection
(Dan Romascanu) No Objection
(Mark Townsley) No Objection
I believe PANA will retain multiple authentication in its Framework document, it is only the explicit multiple-auth mechanism built into the pana base protocol specification that is being removed. Perhaps simply referring to the PANA Framework document vs. the pana-pana base protocol is all that needs to be changed here. Please double-check with the PANA chairs.