Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04
Sam Hartman <hartmans@painless-security.com> Mon, 08 April 2013 17:21 UTC
Return-Path: <hartmans@painless-security.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B458C21F9777 for <radext@ietfa.amsl.com>; Mon, 8 Apr 2013 10:21:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dFKzhkCls+zR for <radext@ietfa.amsl.com>; Mon, 8 Apr 2013 10:21:21 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id 2E66721F9773 for <radext@ietf.org>; Mon, 8 Apr 2013 10:21:20 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (c-98-216-0-82.hsd1.ma.comcast.net [98.216.0.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS id 7F5DB20556; Mon, 8 Apr 2013 13:19:56 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id BEC3B4499; Mon, 8 Apr 2013 13:21:17 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: Alan DeKok <aland@deployingradius.com>
References: <1A5FDF7C-9E93-447E-A103-9700349CB2F5@gmail.com> <alpine.WNT.2.00.1304021450180.3988@SMURF> <515C3604.3040406@deployingradius.com> <alpine.WNT.2.00.1304042021411.3988@SMURF> <tslli8xnoms.fsf@mit.edu> <515ED047.3040200@deployingradius.com> <alpine.WNT.2.00.1304051020120.3988@SMURF> <5160255B.40409@deployingradius.com> <alpine.WNT.2.00.1304060913320.3988@SMURF> <5160B785.8070703@deployingradius.com> <tslppy5i2dm.fsf@mit.edu> <5162C651.2000200@deployingradius.com> <alpine.WNT.2.00.1304080801440.1952@littlesmurf> <tslppy5ghnf.fsf@mit.edu> <5162F9BA.7030500@deployingradius.com>
Date: Mon, 08 Apr 2013 13:21:17 -0400
In-Reply-To: <5162F9BA.7030500@deployingradius.com> (Alan DeKok's message of "Mon, 08 Apr 2013 13:09:14 -0400")
Message-ID: <tsltxnhey5u.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: radext@ietf.org
Subject: Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/radext>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2013 17:21:25 -0000
>>>>> "Alan" == Alan DeKok <aland@deployingradius.com> writes:
Alan> Or... we can delete all of the text around upgrade paths,
Alan> and just use a different port.
Well, I'm actually not sure about the security of this.
Even if you use a different port, don't you still have all the bid-down
issues?
I mean what stops an attacker from sending you UDP traffic that's from a
client that should be using DTLS.
I don't mind using a different port, but I don't think it helps much
with this discussion.
- [radext] WGLC #2 for draft-ietf-radext-dtls-04 Jouni
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Jim Schaad
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Jim Schaad
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Jim Schaad
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Joseph Salowey (jsalowey)
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Jim Schaad
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Dave Nelson
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Arran Cudbard-Bell
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Arran Cudbard-Bell
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Peter Deacon
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Sam Hartman
- Re: [radext] WGLC #2 for draft-ietf-radext-dtls-04 Alan DeKok