IETF Logo Mail Archive

[radext] I-D Action: draft-ietf-radext-radiusv11-04.txt

internet-drafts@ietf.org Mon, 26 February 2024 19:24 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: radext@ietf.org
Delivered-To: radext@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 15043C151557; Mon, 26 Feb 2024 11:24:49 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Cc: radext@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.6.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: radext@ietf.org
Message-ID: <170897548906.9314.17831962914960669201@ietfa.amsl.com>
Date: Mon, 26 Feb 2024 11:24:49 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/vOxIZffAasoOXoodIwwmQumTRu0>
Subject: [radext] I-D Action: draft-ietf-radext-radiusv11-04.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2024 19:24:49 -0000

Internet-Draft draft-ietf-radext-radiusv11-04.txt is now available. It is a
work item of the RADIUS EXTensions (RADEXT) WG of the IETF.

   Title:   RADIUS ALPN and removing MD5
   Author:  Alan DeKok
   Name:    draft-ietf-radext-radiusv11-04.txt
   Pages:   38
   Dates:   2024-02-26

Abstract:

   This document defines Application-Layer Protocol Negotiation
   Extensions for use with RADIUS/TLS and RADIUS/DTLS.  These extensions
   permit the negotiation of an additional application protocol for
   RADIUS over (D)TLS.  No changes are made to RADIUS/UDP or RADIUS/TCP.
   The extensions allow the negotiation of a transport profile where the
   RADIUS shared secret is no longer used, and all MD5-based packet
   signing and attribute obfuscation methods are removed.  When this
   extension is used, the previous Authenticator field is repurposed to
   contain an explicit request / response identifier, called a Token.
   The Token also allows more than 256 packets to be outstanding on one
   connection.

   This extension can be seen as a transport profile for RADIUS, as it
   is not an entirely new protocol.  It uses the existing RADIUS packet
   layout and attribute format without change.  As such, it can carry
   all present and future RADIUS attributes.  Implementation of this
   extension requires only minor changes to the protocol encoder and
   decoder functionality.  The protocol defined by this extension is
   named "RADIUS version 1.1", or "RADIUS/1.1".

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-radext-radiusv11/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-radext-radiusv11-04.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-radext-radiusv11-04

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts

v2.23.0 | Report a Bug | By Email