Re: [radext] Server identity and RFC7585bis

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 11 April 2024 12:12 UTC

Message-ID: <23461be4-4414-4698-b1d0-746072dffecd@cs.tcd.ie>
Date: Thu, 11 Apr 2024 13:12:33 +0100
User-Agent: Mozilla Thunderbird
To: Jan-Frederik Rieckers <rieckers@dfn.de>, radext@ietf.org
References: <CA9BEA9C-39EF-4764-A0FE-D122413B37F7@deployingradius.com> <18ef8267-474e-49ae-9204-0c6c79d5e50c@dfn.de> <6628c5c8-5071-476f-9ea2-2875d86304e2@dfn.de> <dfdaac4a-c4b0-4509-93a6-a41805a16e87@app.fastmail.com> <e8cbf8f9-3546-45f2-9014-a119a11eaafe@dfn.de>
Content-Language: en-US
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <e8cbf8f9-3546-45f2-9014-a119a11eaafe@dfn.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/CNWqGQHEBplu8UKeDIk4Tp6bBRI>
Subject: Re: [radext] Server identity and RFC7585bis
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>

Hiya,

A random question from the sidelines...

On 11/04/2024 13:02, Jan-Frederik Rieckers wrote:
> 
> I've started to work on a text that includes Server Name Indication and 
> some text around when a server can be considered "the same".

I've not followed the discussion here, so this may be
a dumb question, but have you considered whether any new
uses of SNI might be affected by ECH? [1]

If some new use of SNI assumed that that value will be
visible to intermediaries in the ClientHello, then ECH
could scupper that.

FWIW, [1] has just finished WGLC in the TLS WG, and I'm
involved in a project implementing that, but haven't at
all considered how/whether ECH could be useful in radius.

Cheers,
S.

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-esni/