Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
Note: This ballot was opened for revision 13 and is now closed.
(Sean Turner) Yes
(Ron Bonica) No Objection
(Stewart Bryant) No Objection
(Gonzalo Camarillo) No Objection
(Wesley Eddy) No Objection
(Adrian Farrel) No Objection
(Stephen Farrell) No Objection
Comment (2012-03-15 for -14)
- section 2.2.1 could badly do with some examples if that's possible. I'd expect interop problems in any case, but more without that. Those might be shared with the other scheme drafts.
- Section 2, last paragraph - that's confusing - which Y and K calculation is to be done? I think you need to be much clearer about this.
- saying "server S does not store any plaintext passwords" is missing 2119 language. While a MUST would be most correct, perhaps a SHOULD is right, in case someone wants to do this using an existing DB of cleartext passwords.
- Providing a reference for "Shamir's trick" would be good.
(Russ Housley) No Objection
(Peter Saint-Andre) No Objection
Comment (2012-03-08 for -13)
Both draft-harkins-ipsecme-spsk-auth and draft-kuegler-ipsecme-pace-ikev2 specify that the password will be prepared using SASLprep (RFC 4013). Why doesn't this specification also define how 'w' is prepared for input to other operations?