Dynamic Provisioning Using Flexible Authentication via Secure Tunneling Extensible Authentication Protocol (EAP-FAST)
RFC 5422

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>
Subject: Document Action: 'Dynamic Provisioning using Flexible 
         Authentication via Secure Tunneling Extensible Authentication 
         Protocol (EAP-FAST)' to Informational RFC 

The IESG has approved the following document:

- 'Dynamic Provisioning using Flexible Authentication via Secure
   Tunneling Extensible Authentication Protocol (EAP-FAST)'
   <draft-cam-winget-eap-fast-provisioning-10.txt> as an Informational RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-cam-winget-eap-fast-provisioning-10.txt

Technical Summary 

   The flexible authentication via secure tunneling EAP method (EAP-FAST)
   enables secure communication between a peer and a server by using
   Transport Layer Security (TLS) to establish a mutually authenticated
   tunnel.  EAP-FAST also enables the provisioning of credentials or other
   information through this protected tunnel.  This document describes the
   use of EAP-FAST for dynamic provisioning.


Working Group Summary 

   This is part of the ongoing effort to document existing deployed EAP
   methods.  The purpose of this document is to publish existing behavior
   and it is therefore not part of a working group effort.  

Document Quality 

   There are multiple implementations of EAP-FAST provisioning from
   different vendors that interoperate.  A number of implementers have
   reviewed this specification.  

Personnel

   Joe Salowey is the Document Shepherd; Tim Polk is the responsible
   Area Director.

RFC Editor Note

Please make the three following changes:

- Section 4.1.3 - third sentence in paragraph 1

OLD

It is presented within the protected EAP-FAST TLS tunnel to provide
user information during stateless session resume so user authentication
MAY be skipped. 

NEW

The PAC-Opaque portion of the User Authorization PAC is presented
within the protected EAP-FAST TLS tunnel to provide user information
during stateless session resume so user authentication MAY be skipped.

- Section 4.2.3 - first sentence

OLD

The PAC-Opaque attribute is included within the PAC TLV whenever the
server wishes to issue or renew a PAC.

NEW

The PAC-Opaque attribute is included within the PAC TLV whenever the
server wishes to issue or renew a PAC or the client wishes to present a
User Authorization PAC to the server.

- Section 4.2.4 - add to end of first paragraph

NEW 

PAC-Info attribute is included within the PAC TLV whenever the server
wishes to issue or renew a PAC.