[radext] Fwd: New Version Notification for draft-dekok-radext-deprecating-radius-02.txt

Alan DeKok <aland@deployingradius.com> Wed, 26 July 2023 00:38 UTC

  I've added substantial text on how to make existing uses of RADIUS more secure, e.g. use EAP when proxying outside of your local network.

  Thanks to Margaret and the WG for making concrete suggestions at the meeting in SF.

> Begin forwarded message:
>
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-dekok-radext-deprecating-radius-02.txt
> Date: July 25, 2023 at 5:27:20 PM PDT
> To: "Alan DeKok" <aland@freeradius.org>
>
> A new version of I-D, draft-dekok-radext-deprecating-radius-02.txt
> has been successfully submitted by Alan DeKok and posted to the
> IETF repository.
>
> Name:           draft-dekok-radext-deprecating-radius
> Revision:       02
> Title:          Deprecating RADIUS/UDP and RADIUS/TCP
> Document date:  2023-07-25
> Group:          Individual Submission
> Pages:          24
> URL:            https://www.ietf.org/archive/id/draft-dekok-radext-deprecating-radius-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-dekok-radext-deprecating-radius/
> Html:           https://www.ietf.org/archive/id/draft-dekok-radext-deprecating-radius-02.html
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-dekok-radext-deprecating-radius
> Diff:           https://author-tools.ietf.org/iddiff?url2=draft-dekok-radext-deprecating-radius-02
>
> Abstract:
>   RADIUS crypto-agility was first mandated as future work by RFC 6421.
>   The outcome of that work was the publication of RADIUS over TLS (RFC
>   6614) and RADIUS over DTLS (RFC 7360) as experimental documents.
>   Those transport protocols have been in wide-spread use for many years
>   in a wide range of networks.  They have proven their utility as
>   replacements for the previous UDP (RFC 2865) and TCP (RFC 6613)
>   transports.  With that knowledge, the continued use of insecure
>   transports for RADIUS has serious and negative implications for
>   privacy and security.
>
>   This document formally deprecates the use of the User Datagram
>   Protocol (UDP) and of the Transmission Control Protocol (TCP) as
>   transport protocols for RADIUS.  These transports are permitted
>   inside of secure networks, but their use even in that environment is
>   strongly discouraged.  For all other environments, the use of secure
>   transports such as IPsec or TLS is mandated.
>
> The IETF Secretariat