[radext] Proposed charter text based on IETF-115 BoF

Paul Wouters <paul.wouters@aiven.io> Mon, 21 November 2022 20:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/LIuiKKV4ThzGMf4_TQSn3PEzujE>

Hi all,

Based on the inputs and discussions during the BoF at IETF-115 we have
updated the proposed charter text. It can be found at
https://datatracker.ietf.org/doc/charter-ietf-radextra/submit//

I've included it below.

Thanks to Stephen Farrell, Alan DeKok and Margaret Cullen and everyone at
the BoF (local and remote!) for their help.

Please let us know of any issues but also let us know if you believe the
proposed charter is ready.

Paul


charter-ietf-radextra-00-00

The RADIUS Extensions (RADEXT) Working Group is chartered to carry
out specific maintenance tasks for the RADIUS protocol as described
below.

To ensure backward compatibility with existing RADIUS implementations,
all documents produced must specify means of interoperation with legacy
RADIUS and, if possible, be backward compatible with existing RADIUS
RFCs, including RFCs 2865-2869, 3162, 3575, 3579, 3580, 4668-4673, 4675,
5080, 5090, 5176, 5997, 6158, 6613, 6614, 6929, 7360, 7585, 8044, and 8559.

The WG may revisit the status of existing RADIUS RFCs, possibly changing
document track categories with minor changes in the documents as needed.

Work Items

The immediate goals of the RADEXT working group are to address the
following issues:

- Deprecate the use of insecure transports outside of secure
  networks.  This work updates RFC 6421
  <https://datatracker.ietf.org/doc/rfc6421/> where possible.

- Bring RFC 6614 <https://datatracker.ietf.org/doc/rfc6614/>
  (RADIUS/TLS), and RFC 7360 <https://datatracker.ietf.org/doc/rfc7360/>
  (RADIUS/DTLS) to Standards track.

- Define best practices for RADIUS roaming, and roaming consortia
  based on experience with RADIUS/TLS.

- Improve operations for multi-hop RADIUS networks: e.g. loop detection
  and prevention, a multi-hop Status-Server equivalent with ability to
  Trace the proxy steps a RADIUS message will follow.

- Extend the 8-bit RADIUS ID space to allow more than 256 "in flight"
  packets across one connection.

- Allow for CoA / Disconnect packets to be sent in "reverse" down a
  RADIUS/TLS or RADIUS/DTLS connection.  This functionality assists with
  transit of NATs.

- Defining a secure variant of RADIUS which can be used in a FIPS-140
  compliant environment.

There is an external timeline that affects this work: completion by 2024
would enable WG outputs to be included in the planned WiFi 8 release. The
WG will aim to meet that deadline.

Adopting work items not described above will require a re-charter.