This document defines protocols, procedures, and conventions to be
employed by peers implementing the Generic Security Service
Application Program Interface (GSS-API) when using the EAP mechanism.
Through the GS2 family of mechanisms, these protocols also define how
Simple Authentication and Security Layer (SASL, RFC 4422)
applications use the Extensible Authentication Protocol.
Working Group Summary
As "usual" with I-Ds with lots of technical content in the security
area (especially true for GSS-related stuff) there are fewer reviews
than one might want. This document is no better or worse than most
in this respect.
Sam Hartman (an author) had this concern during IETF LC that I'd
like to check with the IESG to make sure we're OK with this document:
"EAP (RFC 3748) has an applicability statement scoped very strictly
to network access. This document provides a mechanism that falls
well outside that applicability statement and permits the use of EAP
for general application authentication.
When ABFAB was chartered, there was a charter item to update
the EAP applicability statement. I think a number of people in the
room at the BOF, including myself, would have objected to the work
being chartered had that charter item not been present.
I think that work is important because I believe there are a number of
important concerns that apply to the use of EAP for authentication
beyond network access that need to be documented.
Unfortunately, the technical specification has gotten ahead of the
applicability statement update.
I'm OK with that provided that we're still firmly committed to an
applicability statement update. As part of approving this document now,
I want to confirm that we have consensus at least within the ABFAB
working group and the IESG to do that update. If there is any doubt I'd
far prefer that this document be held until the applicability statement
There is one implementation (moonshot project) that spans multiple
platforms. To our knowledge no other implementations exist or are
planned. The one implementation has seen quite a bit of testing
though, especially for the GSS-layer since lots of open-source
applications have been modified to support ABFAB/GSS-EAP using
Leif Johansson is shepherding (co-chair)
Stephen Farrell (AD)