Re: [radext] Proposed charter text based on IETF-115 BoF
Paul Wouters <paul.wouters@aiven.io> Tue, 22 November 2022 13:43 UTC
Return-Path: <paul.wouters@aiven.io>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94A58C1524AE for <radext@ietfa.amsl.com>; Tue, 22 Nov 2022 05:43:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=aiven.io
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cLXS5M235slX for <radext@ietfa.amsl.com>; Tue, 22 Nov 2022 05:43:13 -0800 (PST)
Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 017D3C14F724 for <radext@ietf.org>; Tue, 22 Nov 2022 05:43:12 -0800 (PST)
Received: by mail-qk1-x731.google.com with SMTP id d8so10181465qki.13 for <radext@ietf.org>; Tue, 22 Nov 2022 05:43:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aiven.io; s=google; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=v/s8nHP5ecdvYD4M8rPV/ic/m6DugRG1DN4zr/p6wiA=; b=CH7RDlBrzJGO5pLeMB+b8YGcZ0EU67eUJIWWPdIE8hew0GcrDapO01FVy+W5h+WHen Lm0SktVuVP+jmPJhc2zacWGE8n9neGaR2avtEJeiEilugmOCfc750QFe+Vbs4kzTg3fr qCNHMP3WS2WFNC4pRB/o221oV2y1Nundsvmzk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=v/s8nHP5ecdvYD4M8rPV/ic/m6DugRG1DN4zr/p6wiA=; b=3J6MEzGEDvl47tgQZriApHRfXasg85ETmtHbp/vjFVSSjhOU10RHYYGmLELvQCS9pc rh5GTP/15Kyu3EUJ1C1+/gWNmBr2zeSg7WCcaHGbbXsUNhY/V6WmRAM+roBSZlIWZrGX 9tJctJaWyv5ZpPL+9MIqI2Wpq2ZjUvr4I1RDX6gKrIffyj+cLsU72Ec9axqxGIUlzSme 9vwd0xoy+SIABwO3dRdNsKkLbZ4uinqc5i8oe31NUgbfuR5qeqIIl6Ios4FMMXA/1pZc vWNqfqFfyTWEO3T4pxBJgBzQREn82JCTnM4bO0NhE2K9bbnYKGFw5i2YgmDN1dxZijJX YL1Q==
X-Gm-Message-State: ANoB5pmoIOMr//n6uDiQSdHOLNHTISgVSFFHCgI+jwm2lOf7DFLiKM1y IyMSldInmODPpYyy1h3smaW0MA==
X-Google-Smtp-Source: AA0mqf7oaOWk0pW0CfbMvsfZ10ngMoEAOngx7Y/Vh00igUlq4v37eOytsUFthc3JaeUQVkAxw+Ez0g==
X-Received: by 2002:a37:6512:0:b0:6fa:67fd:b2c7 with SMTP id z18-20020a376512000000b006fa67fdb2c7mr11257070qkb.615.1669124590794; Tue, 22 Nov 2022 05:43:10 -0800 (PST)
Received: from smtpclient.apple ([2605:8d80:64a:e4e0:eda3:899c:28a7:d450]) by smtp.gmail.com with ESMTPSA id bn29-20020a05620a2add00b006fa4cac54a5sm9967065qkb.72.2022.11.22.05.43.09 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 22 Nov 2022 05:43:10 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Paul Wouters <paul.wouters@aiven.io>
Mime-Version: 1.0 (1.0)
Date: Tue, 22 Nov 2022 08:43:08 -0500
Message-Id: <E82B0ECD-4580-4F35-B07B-35685CFC5C44@aiven.io>
References: <FD0507D4-2C1D-478A-97E0-ECEEF1A5613B@deployingradius.com>
Cc: Bernard Aboba <bernard.aboba@gmail.com>, radext@ietf.org
In-Reply-To: <FD0507D4-2C1D-478A-97E0-ECEEF1A5613B@deployingradius.com>
To: Alan DeKok <aland@deployingradius.com>
X-Mailer: iPhone Mail (19G82)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/N2lNY_gJZKQF0ILif6rBgHZ6_zw>
Subject: Re: [radext] Proposed charter text based on IETF-115 BoF
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2022 13:43:17 -0000
On Nov 22, 2022, at 06:36, Alan DeKok <aland@deployingradius.com> wrote: > > > Avoiding MD5 at the TLS layer won't help. MD5 is baked into RADIUS. The Request Authenticator, Reply Authenticator, and Message-Authenticator require the use of MD5. > > In order for RADIUS to work in a FIPS -140 environment, the RADIUS protocol has to be purged of dependencies on MD5. Indeed, there is a special exemption for radius when I was involved with FIPS certifications at redhat because there is no way to do radius without md5. Fixing this is one of the main reasons for doing the radius work. This is not about transport security, which can be configured to be FIPS compliant. Paul
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- [radext] Proposed charter text based on IETF-115 … Paul Wouters
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Paul Wouters
- Re: [radext] Proposed charter text based on IETF-… Peter Deacon
- Re: [radext] Proposed charter text based on IETF-… Michael Richardson
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Peter Deacon
- Re: [radext] Proposed charter text based on IETF-… josh.howlett
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Michael Richardson
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Paul Wouters
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Peter Deacon
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Alexander Clouter
- [radext] Liaison to government agencies Bernard Aboba
- Re: [radext] Liaison to government agencies Stephen Farrell
- Re: [radext] Liaison to government agencies Bernard Aboba
- Re: [radext] Liaison to government agencies Stephen Farrell
- Re: [radext] Proposed charter text based on IETF-… Michael Richardson
- Re: [radext] Liaison to government agencies Bernard Aboba
- Re: [radext] Liaison to government agencies Stephen Farrell
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Paul Wouters
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alexander Clouter
- Re: [radext] Proposed charter text based on IETF-… Alexander Clouter
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alexander Clouter
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Matthew Newton
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Matthew Newton
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Heikki Vatiainen
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Heikki Vatiainen
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… josh.howlett
- Re: [radext] Proposed charter text based on IETF-… Margaret Cullen
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Liaison to government agencies Margaret Cullen
- Re: [radext] Liaison to government agencies Margaret Cullen
- Re: [radext] Liaison to government agencies Bernard Aboba
- Re: [radext] Liaison to government agencies Bernard Aboba
- Re: [radext] Liaison to government agencies Alan DeKok
- Re: [radext] Liaison to government agencies Alexander Clouter
- Re: [radext] Liaison to government agencies Behcet Sarikaya