Re: [Cfrg] [secdir] Requesting review of draft-ietf-radext-radsec-09

David McGrew <mcgrew@cisco.com> Tue, 10 January 2012 14:20 UTC

From: David McGrew <mcgrew@cisco.com>
To: cfrg@irtf.org
Cc: Jouni Korhonen <jouni.korhonen@nsn.com>, jouni korhonen <jouni.nospam@gmail.com>, "Mauricio (HP Networking) Sanchez" <mauricio.sanchez@hp.com>, "Dan (Dan) Romascanu" <dromasca@avaya.com>

Forwarding the request for review to the IRTF Crypto Forum RG.

I personally feel that the use of TLS to protect RADIUS is a good way
to address the security/deployability gaps that are present when RADIUS
is used in scenarios where cryptographic security is needed.  However,
I have not reviewed the draft in detail.

David

On Jan 9, 2012, at 4:27 AM, jouni korhonen wrote:

> Dear Security Directorate,
>
> We (RADEXT chairs) solicit for security expert review for "TLS  
> encryption for RADIUS" I-D. The I-D can be found at:
> http://tools.ietf.org/html/draft-ietf-radext-radsec-09
>
> Do not mind about the expired state. There will shortly be -10  
> revision just to keep the I-D alive and fixing one outdated  
> reference [I-D.winter-dynamic-discovery]. We are moving the document  
> to IESG process shortly thus the review comments should be directed  
> to document authors, AD and RADEXT chairs.
>
> Best regards,
> 	Jouni - RADEXT co-chair