[radext] I-D Action: draft-ietf-radext-deprecating-radius-03.txt
internet-drafts@ietf.org Wed, 07 August 2024 22:57 UTC
Internet-Draft draft-ietf-radext-deprecating-radius-03.txt is now available. It is a work item of the RADIUS EXTensions (RADEXT) WG of the IETF.

   Title:   Deprecating Insecure Practices in RADIUS
   Author:  Alan DeKok
   Name:    draft-ietf-radext-deprecating-radius-03.txt
   Pages:   77
   Dates:   2024-08-07

Abstract:

   RADIUS crypto-agility was first mandated as future work by RFC 6421. The outcome of that work was the publication of RADIUS over TLS (RFC 6614) and RADIUS over DTLS (RFC 7360) as experimental documents. Those transport protocols have been in wide-spread use for many years in a wide range of networks. They have proven their utility as replacements for the previous UDP (RFC 2865) and TCP (RFC 6613) transports.

   With that knowledge, the continued use of insecure transports for RADIUS has serious and negative implications for privacy and security. The recent publication of the "BlastRADIUS" exploit has also shown that RADIUS security needs to be updated. It is no longer acceptable for RADIUS to rely on MD5 for security. It is no longer acceptable to send device or location information in clear text across the wider Internet.

   This document therefore deprecates many insecure practices in RADIUS, and mandates support for secure TLS-based transport layers. We also discuss related security issues with RADIUS, and give recommendations for practices which increase both security and privacy.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-radext-deprecating-radius-03.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-radext-deprecating-radius-03

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts