Question about how to proceed on PIC




Greetings again. As many of you know, PIC was sent to the RFC Editor for publication, and before the RFC came out, a security problem with the way that PIC, EAP, and other related protocols do authentication was discovered. The problem is described in detail in <http://www.ietf.org/internet-drafts/draft-puthenkulam-eap-binding-02.txt>.

We now have a clearer idea on how to modify PIC to avoid the security
problem, but in the meantime, IKEv2 has moved much closer to being
finished. IKEv2 includes a single standard method for doing legacy
authentication. Also, we have heard little or no interest in
deploying PIC.

So our question to you is, should we fix PIC and get a standards-track
RFC, an informational RFC, or should we withdraw it? There is no reason
for us to create an RFC that no one will implement. We want to hear
from folks in the WG about this so we can decide to go forwards.

--Paul Hoffman and Sara Bitan, WG chairs