Re: [OPSAWG] CALL FOR ADOPTION: RADIUS Extensions for Encrypted DNS

mohamed.boucadair@orange.com Fri, 16 September 2022 12:16 UTC

From: mohamed.boucadair@orange.com
To: tom petch <ietfc@btconnect.com>, tirumal reddy <kondtir@gmail.com>
CC: "Joe Clarke (jclarke)" <jclarke@cisco.com>, "opsawg@ietf.org" <opsawg@ietf.org>
Date: Fri, 16 Sep 2022 12:16:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/0zrJoJo0c442ppAzhvmVjD0Cick>

Re-,

Please see inline. 

Cheers,
Med

> -----Original Message-----
> From: tom petch <ietfc@btconnect.com>
> Sent: Friday, 16 September 2022 14:01
> To: tirumal reddy <kondtir@gmail.com>; BOUCADAIR Mohamed INNOV/NET
> <mohamed.boucadair@orange.com>
> Cc: Joe Clarke (jclarke) <jclarke@cisco.com>; opsawg@ietf.org
> Subject: Re: [OPSAWG] CALL FOR ADOPTION: RADIUS Extensions for
> Encrypted DNS
> 
> From: tirumal reddy <kondtir@gmail.com>
> Sent: 16 September 2022 12:51
> 
> On Fri, 16 Sept 2022 at 16:54, <mohamed.boucadair@orange.com> wrote:
> Tom,
> 
> > <tp2>
> > I was thinking that the IESG will complain at TLS being only 1.2,
> 
> Don't think so. Please see:
> https://datatracker.ietf.org/doc/bofreq-dekok-bofreq-dekok-radius-extensions-and-security-00/.
> 
> Yes, TLS 1.2 can continue to be used by existing protocols
> following the recommendations in
> https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis-11.
> The BCP allows implementations to use TLS 1.2 and encourages
> them to migrate to TLS 1.3.
> 
> <tp3>
> Well if the IESG approves that I-D (which it may or may not!).

[Med] Actually it was already approved. 

> I note that also in the uta work is an I-D for syslog ciphersuites
> where there is a post asking the WG what to say about TLS versions
> and one response from one active in the TLS WG is proposing TLS1.2
> as MUST NOT.
> 
> I think it will depend on who is Security AD at the time.
> 
> Tom Petch
> ps I have found a send button, for better or worse
> 

