IETF Logo Mail Archive

[radext] Wiki updates

Alan DeKok <aland@deployingradius.com> Tue, 02 April 2024 13:19 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3561C14F6A7 for <radext@ietfa.amsl.com>; Tue, 2 Apr 2024 06:19:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pETR10VnvPGa for <radext@ietfa.amsl.com>; Tue, 2 Apr 2024 06:19:31 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07B0CC14F685 for <radext@ietf.org>; Tue, 2 Apr 2024 06:19:30 -0700 (PDT)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id 19326209 for <radext@ietf.org>; Tue, 2 Apr 2024 13:19:27 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
From: Alan DeKok <aland@deployingradius.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Message-Id: <596AF3AC-AF89-44E3-AA02-CFD867406751@deployingradius.com>
Date: Tue, 02 Apr 2024 09:19:24 -0400
To: radext@ietf.org
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/1VkKVWL205u2kHq2k8gqzoBxUgc>
Subject: [radext] Wiki updates
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2024 13:19:32 -0000

  I've summarized too many SAAG messages to the Wiki:  https://github.com/radext-wg/issues-and-fixes-2/wiki#protocol-design

  As best I can tell, PANA is hard, so RADIUS is being used instead to authenticate devices which already have some network access.

  The devices all share a common password, and seem to be using PEAP/MS-CHAPv2.  It's not said what they use for a RADIUS shared secret.  Presumably also a common password.

  It's left to the reader to determine exactly what kind of "authentication" is being performed in this design.  Or what, exactly, is RADIUS being used for.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email