IETF Logo Mail Archive

Re: [radext] CUI comments in "deprecating insecure transports"

josh.howlett@gmail.com Thu, 27 July 2023 09:44 UTC

Return-Path: <josh.howlett@gmail.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5760EC169537 for <radext@ietfa.amsl.com>; Thu, 27 Jul 2023 02:44:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pWpRiognH6hz for <radext@ietfa.amsl.com>; Thu, 27 Jul 2023 02:44:00 -0700 (PDT)
Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E587EC169534 for <radext@ietf.org>; Thu, 27 Jul 2023 02:44:00 -0700 (PDT)
Received: by mail-wm1-x331.google.com with SMTP id 5b1f17b1804b1-3fd18b1d924so7359915e9.1 for <radext@ietf.org>; Thu, 27 Jul 2023 02:44:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690451039; x=1691055839; h=content-language:thread-index:content-transfer-encoding :mime-version:message-id:date:subject:in-reply-to:references:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=WdUoeZyIZjLAotlwgcudg+2lt0fsl5xIf3HiH2IruaE=; b=K5paxu98HZ41yUXr7rKU1oaf+0WmmXkv5IZp8LGcfzvFD5DGdAKSaN5Doj+I7bZIOI CgziZtHrEZIEm/mP/7yU43jpehUtKbMt279Ljur0eZp7NIySaSGoTGel3GGefKIzLMvS ipDWpSl/DegiHTqzwvSodlRt0DLZIvMZx51fbXHdhfMLUEhr8vuPDsePKHeOfeNKw6Q4 MFxq6wcdiEGKLKAeq1SdjT+TvXFqud8zNuEeQ0B1ku7WqRtZzGxFqVtcke2EiRbWtQcx IkCNI3pm4UFB9UZ3WAp2BE+vVYrqhV2u8unG6FLafoE1IOGQNdo0CJg+AfiF1aIOtfG+ 2mDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690451039; x=1691055839; h=content-language:thread-index:content-transfer-encoding :mime-version:message-id:date:subject:in-reply-to:references:cc:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=WdUoeZyIZjLAotlwgcudg+2lt0fsl5xIf3HiH2IruaE=; b=acImAZxhcCEtRMtjQZbvrL/Zl0xksrLHTHfOaD2VCKWrHw1BrOF79xVQmc0vj1Qngj rkcJ0FkgBI3dhB9kgY/B53jPm5qIYSHhfWSPwEIfpxqh22E1xtsu9uxBMW1+5b7Vqj90 6tN8zkoaujyfz9sOkmSx5gALs9NtNLoPPm2cmbtp2an0kAb+Pg+3uA36utSZg08ZO11v 72vjH8i8DGYa9WVmD4/lOiFzK9U/OGqWBh18ZtWTE9iPtFfbFjaToqKOTD6AnA+G9KUZ mnP1ls5Ixa9F73pDt18biWVb5AlBbs6UXAR7/kN6CT39zyGoq0LG44FrHeY3obF7zzow oyDQ==
X-Gm-Message-State: ABy/qLYNfYMw0fnVDV0uJIfKzDfpIAujLViUSqsX7MY0MoywxOiusGHo GNayXJZ4dm4mqAinzTCEbfUYxidPLpM=
X-Google-Smtp-Source: APBJJlEbur93u82IjAayUei2QtDZ5rtt12hmDZO2hXRklRohNcfmTyHn5qdBdMar1bFi8B878AMifg==
X-Received: by 2002:a05:600c:22da:b0:3fc:e00:5275 with SMTP id 26-20020a05600c22da00b003fc0e005275mr1145819wmg.2.1690451039070; Thu, 27 Jul 2023 02:43:59 -0700 (PDT)
Received: from TABLET7VKS5QAO (host81-142-222-159.in-addr.btopenworld.com. [81.142.222.159]) by smtp.gmail.com with ESMTPSA id q9-20020a1ce909000000b003fc04d13242sm4224476wmc.0.2023.07.27.02.43.57 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Jul 2023 02:43:58 -0700 (PDT)
From: josh.howlett@gmail.com
To: 'Arran Cudbard-Bell' <a.cudbardb@freeradius.org>, 'Alexander Clouter' <alex+ietf@coremem.com>
Cc: 'Arran Cudbard-Bell' <a.cudbardb=40freeradius.org@dmarc.ietf.org>, 'Alan DeKok' <aland@deployingradius.com>, 'Margaret Cullen' <mrcullen42@gmail.com>, radext@ietf.org
References: <06c301d9bfc0$e07154d0$a153fe70$@gmail.com> <5390176A-A8D1-40E5-AA3B-9008328650F9@gmail.com> <0D326753-2295-4FA9-B14E-06FE55C9AFB4@deployingradius.com> <61776FFB-7C8B-4234-8B1F-C4F33150106D@deployingradius.com> <3752E2C9-D184-4C0F-9474-6FAE1204C107@freeradius.org> <6e9100c1-9be2-4526-9283-e3e5f21c38e3@app.fastmail.com> <B6E8FDC6-53D7-4FA1-BE39-9228F5BC4253@freeradius.org>
In-Reply-To: <B6E8FDC6-53D7-4FA1-BE39-9228F5BC4253@freeradius.org>
Date: Thu, 27 Jul 2023 10:43:57 +0100
Message-ID: <07d601d9c06e$ddbee0f0$993ca2d0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQL+Ux625NMMzhX+xKfhhcfeCXYRdgEwY4veAZS0yfsB4wCpjQGxdn0tAk8mlskCnby2za0qAxGA
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/ciS7Feb-ckFHHz0Ulg3m6iGN6Bw>
Subject: Re: [radext] CUI comments in "deprecating insecure transports"
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jul 2023 09:44:03 -0000

> Apparently private macs change every 24hrs as of iOS 14, so that's
something.
> Max ticket lifetime is 7 days as per 8446.

I thought I'd read somewhere that vendors were converging on using a
different but persistent MAC for each network. I could easily be mistaken
though.

v2.35.0 | Report a Bug | By Email | System Status