The review of the PKMv1 document has revealed a number of ambiguities in the Design Guidelines document. Among the issues that have come up:
a. Scope of the "security exemption". Does this exemption apply only to attributes relating to RADIUS security, to attributes relating to "authentication", or to security attributes in general?
b. Use of attribute extension schemes. The document currently recommends against use of the existing tagging schemes, recommending use of Extended Attributes (currently in draft). Did the document intend to discourage use of adhoc extension mechanisms (e.g. RFC 3579 EAP attributes)? Is the normative dependency on Extended Attributes required?
Are there other ambiguities that remain in the document?
|