[radext] suggested charter text wrt FIPS-140

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 24 November 2022 21:10 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/e-i-DdkI9VlUwohvoFYSEQaMAYA>

Hi all,

Based on yesterday's and today's discussion I'd suggest the
following change to the draft charter [1] text on that:

OLD:

    - Defining a secure variant of RADIUS which can be used in
      a FIPS-140 compliant environment.

NEW:

    - Document WG consensus on requirements for RADIUS (not
      necessarily in an RFC) in a FIPS-140 environment and
      subsequently define a secure variant of RADIUS that can
      be used in such a FIPS-140 compliant environment.

The "(not necessarily in an RFC)" phrase is more or less
what we did in the lake WG where the requirements are still
in an I-D [2] but we did a WGLC on that before moving on
to protocol specification.

If that's ok with people then I suggest our AD make that
change to [1] and the FIPS-140 stuff can be figured out
when the WG is chartered, i.e. we'd not need to bottom
out on it beforehand.

Cheers,
S.

[1] https://datatracker.ietf.org/doc/charter-ietf-radext/
[2] https://datatracker.ietf.org/doc/draft-ietf-lake-reqs/