Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol
RFC 4739

Note: This ballot was opened for revision 02 and is now closed.

(Russ Housley) Yes

(Jari Arkko) No Objection

Comment (2006-08-03)
No email
send info
> Using multiple independent EAP
> conversations is similar to the separate Network Access Provider
> (NAP) and Internet Service Provider (ISP) authentication exchanges in
> [PANA].

The PANA WG is discussing the removal of this option. Consider
removing/reword this part to avoid confusion.

(Ross Callon) No Objection

(Brian Carpenter) No Objection

(Lisa Dusseault) No Objection

(Lars Eggert) No Objection

Comment (2006-08-02)
No email
send info
Section 1., paragraph 4:

>    To take an another example, when an operator is hosting a VPN gateway
>    service for a third party, it may be necessary to authenticate the
>    client to both the operator (for billing purposes) and the third
>    party's AAA server (for authorizing access to the third party's
>    internal network).

  Nit: s/an another/another/

(Ted Hardie) No Objection

(Sam Hartman) (was Discuss) No Objection

(Cullen Jennings) No Objection

(David Kessens) No Objection

(Dan Romascanu) No Objection

(Mark Townsley) No Objection

Comment (2006-08-03)
No email
send info
I believe PANA will retain multiple authentication in its Framework document, it is only the explicit multiple-auth mechanism built into the pana base protocol specification that is being removed. Perhaps simply referring to the PANA Framework document vs. the pana-pana base protocol is all that needs to be changed here. Please double-check with the PANA chairs.