Encrypting the Protocol for Carrying Authentication for Network Access (PANA) Attribute-Value Pairs
draft-yegin-pana-encr-avp-10
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-11-06 | 10 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2012-11-06 | 10 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2012-11-06 | 10 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2012-11-06 | 10 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2012-10-01 | 10 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2012-10-01 | 10 | Cindy Morgan | State changed to RFC Ed Queue from Approved-announcement sent |
2012-09-29 | 10 | (System) | IANA Action state changed to In Progress |
2012-09-29 | 10 | Cindy Morgan | State changed to Approved-announcement sent from IESG Evaluation::AD Followup |
2012-09-29 | 10 | Cindy Morgan | IESG has approved the document |
2012-09-29 | 10 | Cindy Morgan | Closed "Approve" ballot |
2012-09-29 | 10 | Cindy Morgan | Ballot approval text was generated |
2012-09-29 | 10 | Cindy Morgan | Ballot writeup was changed |
2012-09-07 | 10 | Brian Haberman | [Ballot comment] Thanks for addressing my DISCUSS point and making the IANA section much clearer in its requests. |
2012-09-07 | 10 | Brian Haberman | [Ballot Position Update] Position for Brian Haberman has been changed to No Objection from Discuss |
2012-09-07 | 10 | Robert Cragie | New version available: draft-yegin-pana-encr-avp-10.txt |
2012-09-07 | 09 | Brian Haberman | [Ballot discuss] Updated: Michelle @ IANA has reviewed the latest text and suggests some additional text in the IANA Considerations section to explicitly state which registries are affected by the requested changes. 8. IANA Considerations As described in Section 4 and Section 5, and following the new IANA allocation policy on PANA messages [RFC5872], two PANA AVP codes and one set of AVP values are requested. An additional encryption policy for AVP codes is also requested. 8.1. PANA AVP codes The following AVP codes are requested in the PANA Parameters - AVP Codes registry: o A standard AVP code of TBD1 (suggested value 12) for Encr-Encap AVP. o A standard AVP code of TBD2 (suggested value 13) for Encryption-Algorithm AVP. 8.2. PANA Encryption-Algorithm AVP values The following AVP values representing the encryption algorithm identifier for the Encryption-Algorithm AVP code are requested as a sub-registry under the PANA Parameters - AVP Codes registry: o An AVP value of 1 for AES128_CTR. o All other AVP values (0, 2-4294967295) are unassigned The registration procedures are IETF Review or IESG Approval in accordance with [RFC5872]. 8.3. PANA AVP codes encryption policy The additional encryption policy defined in Section 6.1 is requested to be assigned as an additional column labeled "Enc" to the PANA AVP Codes parameter, applied to all existing AVP codes and those defined in this specification. |
2012-09-07 | 09 | Brian Haberman | Ballot discuss text updated for Brian Haberman |
2012-09-06 | 09 | Sean Turner | [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss |
2012-09-04 | 09 | Robert Cragie | New version available: draft-yegin-pana-encr-avp-09.txt |
2012-08-28 | 08 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss |
2012-08-28 | 08 | Barry Leiba | [Ballot comment] [Updated] Version -08 resolves my DISCUSS and most of my non-blocking comments; thanks. Authors: "The reference to MSK will be made to RFC 5191 as it is defined there (which in turn references RFC 3748)" I don't think 5191 is the right reference: I don't think MSK is defined in 5191. I think MSK is defined in 3748, and that 5191 contains MSK in its Terminology section but defers to 3748 for the definition. That's precisely WHY the MSK entry in 5191 Section 2 refers to 3748, and if you want to know anything substantive about MSKs and how they're derived and work, you need to go to 3748. I think it's best to point directly to 3748 here, rather than pointing to something that points to 3748. It's not like references are expensive. |
2012-08-28 | 08 | Barry Leiba | [Ballot Position Update] Position for Barry Leiba has been changed to No Objection from Discuss |
2012-08-28 | 08 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2012-08-28 | 08 | Robert Cragie | New version available: draft-yegin-pana-encr-avp-08.txt |
2012-08-24 | 07 | Brian Carpenter | Request for Last Call review by GENART Completed: Ready. Reviewer: Brian Carpenter. |
2012-08-16 | 07 | Cindy Morgan | State changed to IESG Evaluation::Revised ID Needed from IESG Evaluation |
2012-08-15 | 07 | Sean Turner | [Ballot discuss] (sorry there's so many: few drafts on this week's telechat and this draft is short ;): 1) RFC 3686 (AES-CTR for IPsec ESP) says: With AES-CTR, it is trivial to use a valid ciphertext to forge other (valid to the decryptor) ciphertexts. Thus, it is equally catastrophic to use AES-CTR without a companion authentication function. Implementations MUST use AES-CTR in conjunction with an authentication function, such as HMAC-SHA-1-96 [HMAC-SHA]. Should there also be a requirement that all AES-CTR encrypted AVPs also MUST use an authentication function? If not, why not? 2) (maybe this is the same as Stephen's) s2/3: prf+ alg negotiation: Are you saying that the same alg used to generate the PANA_AUTH_KEY is used to generate the PANA_ENCR_KEY? That is the alg is negotiated during the AUTH exchanges and then used during the ENCR exchanges? Or, can they be different? If they're different do we have some concern that one alg might be better than the other (If yes add security consideration)? 3) s3: I see that you say in absence of an application specific profile AES128_CTR is used. Is the same thing needed for the prf+ alg or do you just default to HMAC-SHA1 because that's what's in RFC5191? Should you say that? 4) s6: Tried to avoid entering this week's hot-topic (i.e., this might end up being just amongst the ADs) ... if this draft says that new AVP definitions SHOULD indicate whether they are to be encrypted aren't we asking for the specification that people use as a launching point to define AVPs to be updated (i.e., RFC 5191). Especially in light of the implied requirement about MAY encrypt if the specification is silent. 5) s6: (I waffled on whether this was a discuss): Need to provide guidance for future AVP-definers as to why they ought to pick Y, N, or X. Also, if it's X under what circumstance should an implementation encrypt it? 6) s6: Instead of discarding an AVP that was encrypted when it shouldn't have been did you consider defining a new Result-Code AVP for PANA_ENCRYPTION_ERROR? 7) s6: Should this column be included in the PANA IANA registry? 8) I'm just checking here: you're not going to have any kind of NULL cipher suites are we where the thing is in an encrypted AVP but it's not really encrypted? If you're not envisioning a NULL cipher suite can we say they're not allowed or that if one is defined because you're using the IKE registry that it MUST NOT be used? 9) s7: Normally, I'd not make these discusses but it's easy to screw up AES-CTR so I figure it's warranted to add: a) Pointers to AES-CTR security considerations in either RFC 3868 (general AES-CTR concerns) or SP800-38a Appendix B. b) Need to explain that it's okay to use AES-CTR in this way because every MSK is a fresh key. c) Further, using AES-CTR without a corresponding authentication function is useless and that's why you're using the prf+ alg. 10) How does this work with the re-authentication phase? Do implementations need to switch to using the new MSK? When should that happen? |
2012-08-15 | 07 | Sean Turner | [Ballot Position Update] New position, Discuss, has been recorded for Sean Turner |
2012-08-15 | 07 | Pete Resnick | [Ballot comment] Barry and Brian's comments cover my concerns. |
2012-08-15 | 07 | Pete Resnick | [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick |
2012-08-13 | 07 | Wesley Eddy | [Ballot Position Update] New position, No Objection, has been recorded for Wesley Eddy |
2012-08-13 | 07 | Barry Leiba | [Ballot discuss] -- Section 2 -- You need forward references to where you define things like PANA_ENCR_KEY, Encr-Encap AVP, and Encr-Algorithm AVP. Someone reading Section 2 will have no idea what you're talking about when you just start using the terms without any definition. I first went to RFC 5191 to look for them. I think you should also expand "MSK" the first time you use it, and have a reference to RFC 3748 there. In other words, make sure that someone reading this has a roadmap from the start. Perhaps a good approach would be to start Section 2 with something like this?: PANA (in Section 8 of [RFC5191]) defines a set of Attribute-Value Pairs (AVPs). This document extends that by defining two new AVPs: the Encr-Algorithm AVP (see Section 4) and the Encr-Encap AVP (see Section 5). A new encryption key, PANA_ENCR_KEY (see Section 3), is defined to encrypt the payload. Just something to get you started; I hope it helps. |
2012-08-13 | 07 | Barry Leiba | [Ballot comment] Substantive comments; these are non-blocking, but please consider them seriously, and feel free to chat with me about them: I would like to see a good scrubbing of "shall" and "shall not" in here. They are unusual enough in modern English to raise eyebrows, so if they're *not* meant as 2119 keywords, please use something other than lower-case "shall". -- Section 2 -- OLD Encr-Encap AVP can encapsulate one or more AVPs. There SHALL be only one Encr-Encap AVP in a PANA message. I found this confusing at first. May I suggest this?: NEW Only one Encr-Encap AVP is permitted in a PANA message. The Encr-Encap AVP can encapsulate one or more AVPs within. (That also demonstrates that you don't need 2119 language there (nor in many other places, such as the first paragraph of Section 3, but I'm not going to spend a lot of time picking at that).) OLD These AVPs SHALL NOT be used if the EAP method does not generate cryptographic keys (more specifically, MSK). Double-negatives can be confusing; recast. NEW These AVPs can only be used if the EAP method generates cryptographic keys (specifically, Master Session Keys (MSK)[RFC3748]); they SHALL NOT be used otherwise. (And, of course, you can eliminate that last clause with the "SHALL NOT".) OLD Encr-Encap AVP MAY be used in any PANA message once the encryption algorithm is successfully negotiated and the PANA_ENCR_KEY is generated. Therefore, the EAP method MUST be a key-generating EAP method and the first message an Encr-Encap AVP MAY be used in is the last PANA-Auth-Request message with the 'C' (Complete) bit set. I think we have some quite inappropriate use of 2119 language here, in the two "MAY"s. I'm not sure about the first, but I am sure about the second. The first "MAY" says that even after you have a negotiated encryption algorithm and key, it's still entirely optional to use Encr-Encap AVP in subsequent PANA messages. Is that what you mean? If so, we're OK here -- you MAY use them. If that's not the case, then you need to re-word. The second "MAY" is just stating a situation, not giving 2119 advice. I suggest either changing it to "can" (my preference) or re-wording thus: "...and an Encr-Encap AVP MUST NOT be used until the last PANA-Auth-Request message with the 'C' (Complete) bit set." Brian has already put in a DISCUSS about how useless the IANA Considerations section is, so I don't need to make it a DISCUSS. I see that IANA has engaged the author on this, so the author should make sure the section gets updated with the result of that conversation. |
2012-08-13 | 07 | Barry Leiba | [Ballot Position Update] New position, Discuss, has been recorded for Barry Leiba |
2012-08-13 | 07 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded for Robert Sparks |
2012-08-13 | 07 | Brian Haberman | [Ballot discuss] I have no objection to the publication of this document, but I am quite confused as to what section 8.2 is asking IANA to do. At this point, this DISCUSS is a placeholder until I can work with IANA to ensure the directions are clear. |
2012-08-13 | 07 | Brian Haberman | [Ballot Position Update] New position, Discuss, has been recorded for Brian Haberman |
2012-08-13 | 07 | Stephen Farrell | [Ballot discuss] I think these ought be v. easy but I just wanna check a few things... (1) Doesn't the last sentence of section 2 conflict with the first SHALL in section 3? I think you want to say that the use of prf+ is mandatory to implement and if that PRF is negotiated then you MUST do the calculation as follows... (2) 5191 just defines a HMAC based prf whereas here you're using the prf+ function from 5996. Is there an IANA registry of those PRFs and if so, is prf+ one of the registered values? Or, do you need yet more IANA stuff to fix this up correctly? (3) Where does the Key_ID input to the prf+? (4) What ensures that encryption in the PaC->PAA direction uses a different key from in the PAA->PaC direction? (5) The secdir review asked if the nonce calculation was ok and the authors answered that. I think that text would be good to include in section 4 or 7 to explain why the nonce is ok. |
2012-08-13 | 07 | Stephen Farrell | [Ballot comment] - My thanks to the secdir reviewer (Yaron Sheffer) and to the authors for their timely responses to that. I think that worked really well for this document. - s4: s/Only encryption/Only one encryption/ in 1st para. - 6.1: The X choice creates the case where an AVP could be received both in clear, and encrypted. It'd be good to say if this is allowed or not. - Section 3 says, Key_ID, section 4 says Key-Id. If those are meant to be the same then make them the same. If not, please say that and why or use different field names. |
2012-08-13 | 07 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell |
2012-08-13 | 07 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2012-08-12 | 07 | Ralph Droms | State changed to IESG Evaluation from Waiting for AD Go-Ahead |
2012-08-12 | 07 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded for Russ Housley |
2012-08-11 | 07 | Adrian Farrel | [Ballot comment] You need to expand the acronyms on first use in the main body even if you have already expanded them in the Abstract. --- There are a number of SHALLs used to define behavior, and this is fine. But where a message format is implied (for example "There SHALL be only one Encr-Encap AVP in a PANA message") shouldn't you state the behavior of a receiver when a non-conformant message is received? I suspect this is as simple as a global catch-all referring processing of non-conformant messages to RFC 5191. |
2012-08-11 | 07 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel |
2012-08-10 | 07 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded for Ronald Bonica |
2012-08-10 | 07 | Robert Cragie | New version available: draft-yegin-pana-encr-avp-07.txt |
2012-08-09 | 06 | Jean Mahoney | Request for Last Call review by GENART is assigned to Brian Carpenter |
2012-08-09 | 06 | Jean Mahoney | Request for Last Call review by GENART is assigned to Brian Carpenter |
2012-08-09 | 06 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant |
2012-08-09 | 06 | Robert Cragie | New version available: draft-yegin-pana-encr-avp-06.txt |
2012-08-08 | 05 | Ralph Droms | Ballot has been issued |
2012-08-08 | 05 | Ralph Droms | [Ballot Position Update] New position, Yes, has been recorded for Ralph Droms |
2012-08-08 | 05 | Ralph Droms | Created "Approve" ballot |
2012-08-08 | 05 | (System) | State changed to Waiting for AD Go-Ahead from In Last Call |
2012-08-06 | 05 | Robert Cragie | New version available: draft-yegin-pana-encr-avp-05.txt |
2012-08-02 | 04 | Robert Cragie | New version available: draft-yegin-pana-encr-avp-04.txt |
2012-07-19 | 03 | Samuel Weiler | Request for Last Call review by SECDIR Completed: Ready with Issues. Reviewer: Yaron Sheffer. |
2012-07-15 | 03 | Brian Carpenter | Request for Last Call review by GENART Completed. Reviewer: Brian Carpenter. |
2012-07-13 | 03 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Yaron Sheffer |
2012-07-13 | 03 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Yaron Sheffer |
2012-07-12 | 03 | Jean Mahoney | Request for Last Call review by GENART is assigned to Brian Carpenter |
2012-07-12 | 03 | Jean Mahoney | Request for Last Call review by GENART is assigned to Brian Carpenter |
2012-07-11 | 03 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce Reply-To: ietf@ietf.org Subject: Last Call: (Encrypting PANA AVPs) to Proposed Standard The IESG has received a request from an individual submitter to consider the following document: - 'Encrypting PANA AVPs' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2012-08-08. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document specifies a mechanism for delivering PANA (Protocol for Carrying Authentication for Network Access) AVPs (Attribute-Value Pairs) in encrypted form. The file can be obtained via http://datatracker.ietf.org/doc/draft-yegin-pana-encr-avp/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-yegin-pana-encr-avp/ballot/ No IPR declarations have been submitted directly on this I-D. |
2012-07-11 | 03 | Cindy Morgan | State changed to In Last Call from Last Call Requested |
2012-07-11 | 03 | Ralph Droms | Placed on agenda for telechat - 2012-08-16 |
2012-07-11 | 03 | Ralph Droms | Last call was requested |
2012-07-11 | 03 | Ralph Droms | Ballot approval text was generated |
2012-07-11 | 03 | Ralph Droms | State changed to Last Call Requested from AD Evaluation |
2012-07-11 | 03 | Ralph Droms | Last call announcement was generated |
2012-07-11 | 03 | Ralph Droms | Ballot writeup was changed |
2012-07-11 | 03 | Ralph Droms | Ballot writeup was generated |
2012-07-11 | 03 | Ralph Droms | State changed to AD Evaluation from Publication Requested |
2012-07-11 | 03 | Cindy Morgan | (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? i) Type of RFC Requested: Proposed Standard ii) It is the proper type of RFC because the document extends an existing Proposed Standard (RFC 5191) iii) The type of RFC is indicated in the title page header (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction. Various types of payloads are exchanged as part of the network access authentication and authorization using PANA. These payloads are carried in AVPs. AVPs can be integrity-protected using the AUTH AVP when EAP authentication generates cryptographic keying material. PANA AVPs are transmitted in the clear (i.e., not encrypted). There are certain types of payloads that need to be delivered privately (e.g., network keys, private identifiers, etc.). This document defines a mechanism for applying encryption to selected AVPs. Working Group Summary Was the document considered in any WG, and if so, why was it not adopted as a work item there? Was there controversy about particular points that caused the WG to not adopt the document? The document would have been considered in the PANA WG, however it is now defunct. The document was presented to the PANA WG mailing list for comments on March 16 2012. Comments were received and a revised draft was submitted to the PANA WG mailing list on April 10 2012. No further comments were received. There was no controversy surrounding the document. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? There are numerous existing implementations of the protocol as it is currently being adopted and tested by ZigBee Alliance members involved in the development of the ZigBee IP stack. There are currently 7 independent vendors implementing the protocol. Yasuyuki Tanaka performed a thorough review of draft version 01 and his review was posted to the PANA WG mailing list on March 26 2012. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? The Document Shepherd and Responsible Area Director is Ralph Droms. In accordance with "Guidance on Area Director Sponsoring of Documents", Robert Cragie is assisting in providing the PROTO write-up. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The Document Shepherd/Responsible Area Director has reviewed the draft document and has been party to the interoperability testing events undertaken by the vendors to confirm interoperable implementation of the protocol and its fitness for purpose. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The Document Shepherd/Responsible Area Director requested the authors to submit the document for review on the PANA WG mailing list, which was done (see ) (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. The document is a simple extension to PANA to provide an encryption key wrap using a NIST-approved AES mode of operation. The PANA WG mailing list contributors were considered appropriate reviewers for the document. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the interested community has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. The Document Shepherd/Responsible Area Director has not indicated any specific concerns or issues with the document. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. There are no IPR disclosures on the document. (8) Has an IPR disclosure been filed that references this document? If so, summarize any discussion and conclusion regarding the IPR disclosures. There are no IPR disclosures that reference the document. (9) How solid is the consensus of the interested community behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the interested community as a whole understand and agree with it? The interested community as a whole understands and agrees with the document, proven by implementation. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. A couple of nits found in the reviewed 02 draft have been resolved in the 03 draft. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No formal review required. (13) Have all references within this document been identified as either normative or informative? All references within this document have been identified as normative. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? All normative references are in a clear state. (15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are no downward normative references. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the interested community considers it unnecessary. The publication of this document will not affect the status of any existing RFCs. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). The IANA considerations section clearly identifies the required additional AVP codes and algorithm identifier space required for PANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. There are no new IANA registries that require Expert Review. (19) Describe reviews and automated checks performed by to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. xml2rfc-1.36 was used to produce the text document from XML source and http://www.ietf.org/tools/idnits/ was used to check for nits. |
2012-07-11 | 03 | Cindy Morgan | Assigned to Internet Area |
2012-07-11 | 03 | Cindy Morgan | Note added 'Robert Cragie (robert.cragie@gridmerge.com) is the document shepherd.' |
2012-07-11 | 03 | Cindy Morgan | Stream changed to IETF |
2012-07-11 | 03 | Cindy Morgan | Intended Status changed to Proposed Standard |
2012-07-11 | 03 | Cindy Morgan | IESG process started in state Publication Requested |
2012-07-05 | 03 | Robert Cragie | New version available: draft-yegin-pana-encr-avp-03.txt |
2012-04-10 | 02 | Robert Cragie | New version available: draft-yegin-pana-encr-avp-02.txt |
2012-01-04 | 01 | (System) | New version available: draft-yegin-pana-encr-avp-01.txt |
2011-10-19 | 00 | (System) | New version available: draft-yegin-pana-encr-avp-00.txt |