Re: [radext] I-D Action: draft-dekok-radext-deprecating-radius-04.txt

"Mark Grayson (mgrayson)" <mgrayson@cisco.com> Mon, 02 October 2023 16:55 UTC

From: "Mark Grayson (mgrayson)" <mgrayson@cisco.com>
To: Alan DeKok <aland@deployingradius.com>, "radext@ietf.org" <radext@ietf.org>
Date: Mon, 02 Oct 2023 16:55:36 +0000
Message-ID: <PH0PR11MB59288A1F9B52DF982EAB3E3FD2C5A@PH0PR11MB5928.namprd11.prod.outlook.com>
References: <169584508374.27966.3303658889978874109@ietfa.amsl.com> <DB59DC69-603F-4146-9501-3FE3E49968F8@deployingradius.com>
In-Reply-To: <DB59DC69-603F-4146-9501-3FE3E49968F8@deployingradius.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/s3MUKf2US2k0EV8fOe7Fcc6fP0Y>
Subject: Re: [radext] I-D Action: draft-dekok-radext-deprecating-radius-04.txt

Hi Alan

Regarding the text around location in 7.1

> Location information ([RFC5580] SHOULD either be omitted, or else it
> SHOULD be limited to the broadest possible information, such as
>  country code.  For example, [I-D.tomas-openroaming] says:
>
>      All OpenRoaming ANPs MUST support signalling of location
>      information
>
>  This location information is required to include at the minimum the
>  country code.  We suggest the country code SHOULD also be the maximum
>  amount of location information which is sent over third-party
>  networks.

Just to be clear, I-D.tomas-openroaming includes other use cases, e.g.,
where country code may be insufficient.

> When the OpenRoaming ANP supports the OpenRoaming-Settled RCOI ("BA-
> A2-D0"), the Location-Data attribute (#128) MUST be included where
> the location profile is the civic location profile containing Civic
> Address Type information that is sufficient to identify the financial
> regulatory regime that defines the taxable rates associated with
> consumption of the ANP's service.
> <https://datatracker.ietf.org/doc/html/draft-tomas-openroaming-00#section-8.3-2>

In terms of which terms control the use of location, 5580 seems to assume
that the access network provider can define those controlling terms and can
define restrictions, e.g., using the Retransmission Allowed setting in an
Access-Request.

Instead, the more typical approach is that use of location is covered in the
terms agreed between an end-user and their credential provider/AAA server
operator. This then would be reflected as a 5580 out-of-band agreement, ensuring
that the user is fully aware of the use of any location which is sent over third
party networks. With such a scenario, it is not obvious how a single access network
provider can define a single restrictive policy when interconnecting with
multiple credential holders that may have agreed different terms with their end-users.

Best regards,
Mark



From: radext <radext-bounces@ietf.org> on behalf of Alan DeKok <aland@deployingradius.com>
Date: Wednesday, 27 September 2023 at 21:07
To: radext@ietf.org <radext@ietf.org>
Subject: Re: [radext] I-D Action: draft-dekok-radext-deprecating-radius-04.txt
  This revision makes it clearer that the focus is not just UDP/TCP, but deprecating all insecure practices in RADIUS.

  It adds substantial text on MS-CHAP, and on other security issues.

> On Sep 27, 2023, at 4:04 PM, internet-drafts@ietf.org wrote:
>
> Internet-Draft draft-dekok-radext-deprecating-radius-04.txt is now available.
> It is a work item of the RADIUS EXTensions (RADEXT) WG of the IETF.
>
>   Title:   Deprecating Insecure Practices in RADIUS
>   Author:  Alan DeKok
>   Name:    draft-dekok-radext-deprecating-radius-04.txt
>   Pages:   34
>   Dates:   2023-09-27
>
> Abstract:
>
>   RADIUS crypto-agility was first mandated as future work by RFC 6421.
>   The outcome of that work was the publication of RADIUS over TLS (RFC
>   6614) and RADIUS over DTLS (RFC 7360) as experimental documents.
>   Those transport protocols have been in wide-spread use for many years
>   in a wide range of networks.  They have proven their utility as
>   replacements for the previous UDP (RFC 2865) and TCP (RFC 6613)
>   transports.  With that knowledge, the continued use of insecure
>   transports for RADIUS has serious and negative implications for
>   privacy and security.
>
>   This document formally deprecates using the User Datagram Protocol
>   (UDP) and of the Transmission Control Protocol (TCP) as transport
>   protocols for RADIUS.  These transports are permitted inside of
>   secure networks, but their use in secure networks is still
>   discouraged.  For all other environments, the use of secure
>   transports such as IPsec or TLS is mandated.  We also discuss
>   additional security issues with RADIUS deployments, and give
>   recommendations for practices which increase security and privacy.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-dekok-radext-deprecating-radius/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-dekok-radext-deprecating-radius-04.html
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-dekok-radext-deprecating-radius-04
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> radext mailing list
> radext@ietf.org
> https://www.ietf.org/mailman/listinfo/radext

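The two positions discussed in this thread (country code as the maximum, versus enough civic detail to identify a tax regime) can be compared on the wire with a proxy-side filter over the Location-Data (#128) value. This is an added example, not code from the thread or from either draft; the function names are hypothetical, the sample bytes are constructed, and it assumes the RFC 5580 civic location profile layout (2-octet Index, then the RFC 4776 civic encoding starting at the country code) and that CAtype 1 (A1, state/province) is what identifies the tax regime.

```python
import struct

CATYPE_A1 = 1  # RFC 4776: national subdivision (state, province)

def minimize_civic_location(value: bytes, keep_catypes=frozenset()) -> bytes:
    """Reduce a civic-profile Location-Data value before forwarding it.

    value is the attribute value only: Index (2 octets), country code
    (2 octets), then (CAtype, CAlength, CAvalue) elements. The caller is
    assumed to have checked that the matching Location-Information
    attribute declares the civic profile. Only the country code and the
    elements whose CAtype is in keep_catypes are kept.
    """
    if len(value) < 4:
        raise ValueError("too short for Index + country code")
    index, country = value[:2], value[2:4]
    if not country.isalpha():
        raise ValueError("country code is not two letters")
    out = bytearray(index + country)
    pos = 4
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("truncated civic element header")
        catype, calen = value[pos], value[pos + 1]
        end = pos + 2 + calen
        if end > len(value):
            raise ValueError("civic element overruns the attribute")
        if catype in keep_catypes:
            out += value[pos:end]
        pos = end
    return bytes(out)

def civic_element(catype: int, text: str) -> bytes:
    """Encode one civic address element (helper for the sample below)."""
    data = text.encode("utf-8")
    return bytes([catype, len(data)]) + data

# Constructed sample: Index 1, country US, state, city, street, postal code.
SAMPLE = (struct.pack("!H", 1) + b"US"
          + civic_element(CATYPE_A1, "CA")
          + civic_element(3, "San Jose")
          + civic_element(6, "Example Street")
          + civic_element(24, "00000"))

# Policy A: country code is the maximum sent over third-party networks.
COUNTRY_ONLY = minimize_civic_location(SAMPLE)
# Policy B: keep the element assumed to identify the tax regime.
TAX_REGIME = minimize_civic_location(SAMPLE, frozenset({CATYPE_A1}))
```

Malformed element lengths raise `ValueError` rather than being forwarded, so a proxy applying either policy never passes on bytes it could not parse.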