[radext] Re: Deb Cooley's No Objection on draft-ietf-radext-radiusdtls-bis-15: (with COMMENT)

Deb Cooley <debcooley1@gmail.com> Sun, 01 March 2026 11:42 UTC

'Can we stop this witch hunt?  The world is not all browsers.'

Pardon?  Did I say anything about browsers?  Is it not ok to ask a simple
question?  I find your response offensive.

Also note, my question was about TLS specifically.  I'm well aware that
DTLS 1.3 lags implementations.

Deb

On Sat, Feb 28, 2026 at 2:04 PM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> Deb Cooley via Datatracker <noreply@ietf.org> wrote:
>     > General:  TLS 1.2, is there a reason to allow this?  While RFC9325 mandates
>     > TLS1.2, draft-ietf-uta-require-tls13 (in AUTH48-done state, also will be under
>     > BCP 195) updates this to deprecate TLS 1.2.   Perhaps one could ref BCP195 and
>     > remove the references to TLS 1.2 (or at least reference both 9325 and the uta
>     > draft)?
>
> Yeah, so the choice for many deployed systems, which could get minor bits of
> new functionality, like replacing their radius client library with one that
> does DTLS, is that they won't get a new core system library before they are
> EOL.  Some might be EOL already.  So the choice really is:
>
> 1) cleartext radius with MD5
> 2) (D)TLS 1.2, (probably via openssl 1.1.x, could be older!)
>
> (DTLS *APIS* are a disaster for any version.  I tried to get them fixed
> starting in 2018, but I have gotten nowhere.  DTLS 1.3 libraries are not yet
> common.  For many, they will go to TLS/TCP rather than to DTLS)
>
> The text has recommended 1.3. We all want to go there.
> But, implementations have to be ready to support 1.2.
>
> Can we stop this witch hunt?  The world is not all browsers.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide