Re: [radext] Fwd: RE: Fwd: RE: Fwd: RE: Mail regarding draft-ietf-radext-dynamic-discovery

Sam Hartman <hartmans@painless-security.com> Wed, 24 July 2013 16:29 UTC

From: Sam Hartman <hartmans@painless-security.com>
To: Stefan Winter <stefan.winter@restena.lu>
References: <88ACDECA21EE5B438CA26316163BC14C25D334A9@BASS.ad.clarku.edu> <51DD5683.3070202@restena.lu> <51DE5730.4080008@deployingradius.com> <51E545A6.6040008@restena.lu> <51E54C2E.80002@deployingradius.com> <51EFA72E.9050507@restena.lu> <51EFD6AD.9020006@deployingradius.com> <51EFE930.9040903@restena.lu>
Date: Wed, 24 Jul 2013 12:29:28 -0400
In-Reply-To: <51EFE930.9040903@restena.lu> (Stefan Winter's message of "Wed, 24 Jul 2013 16:48:16 +0200")
Message-ID: <tslvc3zor9z.fsf@mit.edu>
Cc: radext@ietf.org
Subject: Re: [radext] Fwd: RE: Fwd: RE: Fwd: RE: Mail regarding draft-ietf-radext-dynamic-discovery

Also, how is this valuable at all without cryptographic binding of the
cert to the IP address?
We cannot be planning to have security of RADIUS over TLS devolve to an
IP ACL check.
I'm hoping I'm missing something here.