Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
RFC 6628
Yes
(Sean Turner)
No Objection
(Adrian Farrel)
(Gonzalo Camarillo)
(Robert Sparks)
(Ron Bonica)
(Russ Housley)
(Stewart Bryant)
(Wesley Eddy)
Note: This ballot was opened for revision 13 and is now closed.
Sean Turner Former IESG member
Yes
Yes
(for -13)
Adrian Farrel Former IESG member
No Objection
No Objection
(for -14)
Gonzalo Camarillo Former IESG member
No Objection
No Objection
(for -14)
Peter Saint-Andre Former IESG member
No Objection
No Objection
(2012-03-08 for -13)
Both draft-harkins-ipsecme-spsk-auth and draft-kuegler-ipsecme-pace-ikev2 specify that the password will be prepared using SASLprep (RFC 4013). Why doesn't this specification also define how 'w' is prepared for input to other operations?
Robert Sparks Former IESG member
No Objection
No Objection
(for -14)
Ron Bonica Former IESG member
No Objection
No Objection
(for -14)
Russ Housley Former IESG member
No Objection
No Objection
(for -14)
Stephen Farrell Former IESG member
No Objection
No Objection
(2012-03-15 for -14)
- section 2.2.1 could badly do with some examples if that's possible. I'd expect interop problems in any case, but more without that. Those might be shared with the other scheme drafts. - Section 2, last paragraph - that's confusing - which Y and K calculation is to be done? I think you need to be much clearer about this. - saying "server S does not store any plaintext passwords" is missing 2119 language. While a MUST would be most correct, perhaps a SHOULD is right, in case someone wants to do this using an existing DB of cleartext passwords. - Providing a reference for "Shamir's trick" would be good.
Stewart Bryant Former IESG member
No Objection
No Objection
(for -13)
Wesley Eddy Former IESG member
No Objection
No Objection
(for -14)