Re: [radext] Proposed charter text based on IETF-115 BoF

Heikki Vatiainen <hvn@radiatorsoftware.com> Mon, 28 November 2022 13:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/Jqs3cpWF-xr3u2Nj3mO6UNEyIo0>

On Fri, 25 Nov 2022 at 01:24, Jan-Frederik Rieckers <rieckers@dfn.de> wrote:


> But if ALPN (as just suggested by Alan) is a usable way, that seems to
> be the best option. (Not sure about the name RADIUS+FIPS though, but I
> suppose that's a discussion for when the WG is chartered)
>

Would it be a good idea to add ALPN to the RFC 6614 (RADIUS over TLS / RadSec)
update to create a foundation for SRADIUS and other possible future
enhancements? What ALPN provides appears to be a good match for what's
needed for RADIUS too. HTTP, for example, seems to have used it with good
success.

Maybe ideas, such as the reverse CoA draft, could benefit from this too. The
reverse CoA draft has text about a configuration flag and in-band signalling
to inform the other end about reverse CoA capability, but careful use of
ALPN might be a solution for this too. By careful I mean, for example, not
introducing ALPN Protocol IDs for each and every thing.

Thanks,
Heikki
-- 
Heikki Vatiainen
hvn@radiatorsoftware.com