(1) What type of RFC is being requested (BCP, Proposed Standard, Internet
Standard, Informational, Experimental, or Historic)? Why is this the proper
type of RFC? Is this type of RFC indicated in the title page header?
Proposed Standard, as indicated in the title page header
This is part of the PCP protocol suite, of which all docs are PS
(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:
An IPv4 or IPv6 host can use the Port Control Protocol (PCP) to
flexibly manage the IP address and port mapping information on
Network Address Translators (NATs) or firewalls, to facilitate
communication with remote hosts. However, the un-controlled
generation or deletion of IP address mappings on such network devices
may cause security risks and should be avoided. In some cases the
client may need to prove that it is authorized to modify, create or
delete PCP mappings. This document describes an in-band
authentication mechanism for PCP that can be used in those cases.
The Extensible Authentication Protocol (EAP) is used to perform
authentication between PCP devices.
Working Group Summary:
Was there anything in WG process that is worth noting? For example, was there
controversy about particular points or were there decisions where the consensus
was particularly rough?
There is strong consensus to use an EAP-based mechanism for security.
There was, however, significant controversy about whether to use PANA.
A consensus call was done on the list, and (rough) consensus was called by
by the chairs in close cooperation with the responsible AD, following the
advice outlined in what is now RFC 7282. The chairs reported the results
at IETF 87, with slides at
where rough consensus was declared for not using PANA.
Are there existing implementations of the protocol? Have a significant number
of vendors indicated their plan to implement the specification? Are there any
reviewers that merit special mention as having done a thorough review, e.g.,
one that resulted in important changes or a conclusion that the document had
no substantive issues?
There is at least one implementation of this protocol, and eventually
more are expected. Many individuals have reviewed various versions
of this document over a long period of time.
Who is the Document Shepherd?
Dave Thaler <firstname.lastname@example.org>
Who is the Responsible Area Director?
Brian Haberman <email@example.com>
(3) Briefly describe the review of this document that was performed by the
Document Shepherd. If this version of the document is not ready for
publication, please explain why the document is being forwarded to the IESG.
Document shepherd did:
1) own technical review
2) verified id-nits, IANA considerations, etc. checks per proto writeup
3) verified that issue tracker tickets have been addressed in the document
4) verified that WGLC comments have been addressed in the document
(4) Does the document Shepherd have any concerns about the depth or breadth of
the reviews that have been performed?
(5) Do portions of the document need review from a particular or from broader
perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or
internationalization? If so, describe the review that took place.
Three types of special review took place:
1) Security review, by several security experts (the authors
of this document among them).
2) EAP review, to determine what should be mandatory to implement.
Input from various EAP experts (e.g., Alan DeKok, Gabriel Montenegro,
and Bernard Aboba) across multiple implementations were consulted,
and the draft contains the resulting advice.
3) Precis review, to determine what precis profile should be used.
This was done by Peter St.Andre.
(6) Describe any specific concerns or issues that the Document Shepherd has
with this document that the Responsible Area Director and/or the IESG should
be aware of? For example, perhaps he or she is uncomfortable with certain
parts of the document, or has concerns whether there really is a need for
it. In any event, if the WG has discussed those issues and has indicated that
it still wishes to advance the document, detail those concerns here.
(7) Has each author confirmed that any and all appropriate IPR disclosures
required for full conformance with the provisions of BCP 78 and BCP 79 have
already been filed.
(8) Has an IPR disclosure been filed that references this document?
No IPR disclosures have been filed.
(9) How solid is the WG consensus behind this document? Does it represent the
strong concurrence of a few individuals, with others being silent, or does the
WG as a whole understand and agree with it?
There is strong consensus that a solution is needed.
As noted earlier, the consensus for this particular solution was rough,
after long discussion among many people.
(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate email
messages to the Responsible Area Director. (It should be in a separate email
because this questionnaire is publicly available.)
No appeals threatened to my knowledge.
(11) Identify any ID nits the Document Shepherd has found in this document.
== Outdated reference: A later version (-18) exists of
This one is due to -18 being submitted just after this document.
** Downref: Normative reference to an Informational RFC: RFC 5281
This is intentional. See discussion under question 15 below.
** Obsolete normative reference: RFC 5996 (Obsoleted by RFC 7296)
This one should be updated. In the doc shepherd's opinion, this
could be done in AUTH48 or in response to AD review or IETF Last Call
comments and does not warrant a new version just for that update
prior to AD review or IETF Last Call.
(12) Describe how the document meets any required formal review criteria, such
as the MIB Doctor, media type, and URI type reviews.
(13) Have all references within this document been identified as either
normative or informative?
(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state?
All but one reference is to an RFC.
There is a normative dependency on draft-ietf-precis-saslprepbis
which was on the 5/28/2015 IESG telechat and we believe it should
be unblocked shortly.
(15) Are there downward normative references references (see RFC 3967)?
Yes. The WG agreed that having a mandatory-to-implement EAP method
was required for interoperability. The WG surveyed EAP implementers/experts
as noted in Q5 above and found that there is no standards track EAP method that
is available in all the relevant EAP implementations. As such, the EAP expert
reviewers advice was followed, which was to require RFC 5281 (widely implemented
but only an Informational RFC) while making the new RFC 7170 (proposed
standard, but not implemented) a SHOULD. The alternative would be to
require RFC 7170, which the feedback indicated would block deployment
of this draft for some time to come. Having security for PCP sooner than
later was determined to be important, and so the WG would like to request
approval for this downward reference.
(16) Will publication of this document change the status of any existing RFCs?
(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes are
associated with the appropriate reservations in IANA registries. Confirm that
any referenced IANA registries have been clearly identified. Confirm that
newly created IANA registries include a detailed specification of the initial
contents for the registry, that allocations procedures for future registrations
are defined, and a reasonable name for the new registry has been suggested
(see RFC 5226).
No new registries are defined.
Confirmed requirements for new entries in existing registries are met.
(18) List any new IANA registries that require Expert Review for future
No new registries are defined.
(19) Describe reviews and automated checks performed by the Document Shepherd
to validate sections of the document written in a formal language, such as
XML code, BNF rules, MIB definitions, etc.