[radext] I-D Action: draft-dekok-radext-deprecating-radius-04.txt
internet-drafts@ietf.org Wed, 27 September 2023 20:04 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/TtJJYJKINPIc-6JdB6zJKZ4cr-k>
Internet-Draft draft-dekok-radext-deprecating-radius-04.txt is now available. It is a work item of the RADIUS EXTensions (RADEXT) WG of the IETF.

Title: Deprecating Insecure Practices in RADIUS
Author: Alan DeKok
Name: draft-dekok-radext-deprecating-radius-04.txt
Pages: 34
Dates: 2023-09-27

Abstract:

RADIUS crypto-agility was first mandated as future work by RFC 6421. The outcome of that work was the publication of RADIUS over TLS (RFC 6614) and RADIUS over DTLS (RFC 7360) as experimental documents. Those transport protocols have been in wide-spread use for many years in a wide range of networks. They have proven their utility as replacements for the previous UDP (RFC 2865) and TCP (RFC 6613) transports. With that knowledge, the continued use of insecure transports for RADIUS has serious and negative implications for privacy and security.

This document formally deprecates using the User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP) as transport protocols for RADIUS. These transports are permitted inside of secure networks, but their use in secure networks is still discouraged. For all other environments, the use of secure transports such as IPsec or TLS is mandated.

We also discuss additional security issues with RADIUS deployments, and give recommendations for practices which increase security and privacy.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-dekok-radext-deprecating-radius/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-dekok-radext-deprecating-radius-04.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-dekok-radext-deprecating-radius-04

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts