Re: [radext] Liaison to government agencies

Bernard Aboba <bernard.aboba@gmail.com> Thu, 01 December 2022 21:41 UTC

From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Thu, 01 Dec 2022 13:41:42 -0800
Message-Id: <8304E4C9-B94D-41D2-B49A-E14426932753@gmail.com>
References: <78B99A3A-A436-41C9-9E05-67CDDF7C80A0@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Peter Deacon <peterd@iea-software.com>, radext@ietf.org
In-Reply-To: <78B99A3A-A436-41C9-9E05-67CDDF7C80A0@gmail.com>
To: Margaret Cullen <mrcullen42@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/QFTTI8VeITCkzdOHkPyB1bP6Oqs>
Subject: Re: [radext] Liaison to government agencies

This is how we got 802.11i deployed in FIPS environments, so it’s a good description of how things might be done. In particular, consulting with customers is critical to unblocking deployment.

On Dec 1, 2022, at 12:00, Margaret Cullen <mrcullen42@gmail.com> wrote:

On Dec 1, 2022, at 2:58 PM, Margaret Cullen <mrcullen42@gmail.com> wrote:

On Nov 23, 2022, at 6:26 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
On 23/11/2022 23:06, Bernard Aboba wrote:
Stephen said:
"Perhaps the charter text you'd like added would say that the WG needs to
establish what protocol requirements need to be met for FIPS-140 compliance
before defining anything?"
[BA] That seems like a good way to go about it. 

Cool. Next step there would be for someone to propose
concrete wording for that, then our AD can decide to
update the draft charter or not. I can give it a shot
tomorrow if that's useful, and if nobody else does it
first:-)

How about replacing this bullet:

- Defining a secure variant of RADIUS which can be used in a FIPS-140
  compliant environment.

With this:

- Determine what protocol requirements need to be met for FIPS-140 compliance and deployment, consulting with NIST staff and/or operators of FIPS-140 environments, as needed.  If those protocol requirements are not met by the current RADIUS specifications, define a secure variant of FADIUS which can be used in a FIPS-140 compliant environment.

And, no, I am not suggesting we call anything “FADIUS”.  :-)

s/FADIUS/RADIUS

Margaret

Thoughts?
Margaret