IETF Logo Mail Archive

Review of draft-zorn-radius-keywrap

Alan DeKok <aland@deployingradius.com> Tue, 14 December 2010 16:34 UTC

Return-Path: <owner-radiusext@ops.ietf.org>
X-Original-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Delivered-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3E28828C0DD for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Tue, 14 Dec 2010 08:34:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.579
X-Spam-Level:
X-Spam-Status: No, score=-102.579 tagged_above=-999 required=5 tests=[AWL=0.020, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i6TEyFOKY9c8 for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Tue, 14 Dec 2010 08:34:25 -0800 (PST)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id C7B6D28C0DB for <radext-archive-IeZ9sae2@lists.ietf.org>; Tue, 14 Dec 2010 08:34:21 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1PSXnX-000Jv1-5s for radiusext-data0@psg.com; Tue, 14 Dec 2010 16:32:19 +0000
Received: from liberty.deployingradius.com ([88.191.76.128]) by psg.com with esmtp (Exim 4.72 (FreeBSD)) (envelope-from <aland@deployingradius.com>) id 1PSXnU-000Juc-LC for radiusext@ops.ietf.org; Tue, 14 Dec 2010 16:32:16 +0000
Message-ID: <4D079C0D.5000608@deployingradius.com>
Date: Tue, 14 Dec 2010 17:32:13 +0100
From: Alan DeKok <aland@deployingradius.com>
User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
MIME-Version: 1.0
To: 'radext mailing list' <radiusext@ops.ietf.org>
Subject: Review of draft-zorn-radius-keywrap
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk
List-ID: <radiusext.ops.ietf.org>

  This is a review of the draft-zorn-radius-keywrap document.

  First off, as co-author of the "Guidelines" document, most of the
comments below come straight from that document.

  The keywrap document defines a new RADIUS packet signature method, at
a time when TLS and DTLS transport have been worked on for a number of
years.  This new signature method has had little security analysis, in
contrast to TLS.

  The documents defines a multi-field "text" attribute, which
contradicts Section 3.2.3 of the guidelines document.  It does so
withing a Vendor-Specific space, which is permitted by the documen.
i.e. vendors can do anything they want in their space.

  However, anything that's done in the Vendor-Specific space does not
need to be published as an IETF document.  So I'm a little unsure as to
the purpose of this document.  If it's a vendor extension, there's no
need for an IETF document.  If it's for use in the wider community, it
should follow Section 3.3.1 of the guidelines document:

   The design and specification of VSAs for multi-vendor usage SHOULD be
   undertaken with the same level of care as standard RADIUS attributes.
   Specifically, the provisions of this document that apply to standard
   RADIUS attributes also apply to VSAs for multi-vendor usage.

  All in all, the draft contradicts the guidelines in pretty much every
respect.

  Alan DeKok.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

v2.23.0 | Report a Bug | By Email