Re: [radext] Fwd: New Version Notification for draft-dekok-radext-deprecating-radius-02.txt
Margaret Cullen <mrcullen42@gmail.com> Wed, 26 July 2023 15:27 UTC
Return-Path: <mrcullen42@gmail.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DB0FC16B5B0 for <radext@ietfa.amsl.com>; Wed, 26 Jul 2023 08:27:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.962
X-Spam-Level:
X-Spam-Status: No, score=-5.962 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fBWOqBi_JBjV for <radext@ietfa.amsl.com>; Wed, 26 Jul 2023 08:27:55 -0700 (PDT)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DECA0C16953F for <radext@ietf.org>; Wed, 26 Jul 2023 08:27:55 -0700 (PDT)
Received: by mail-pl1-x634.google.com with SMTP id d9443c01a7336-1b89d47ffb6so36738005ad.2 for <radext@ietf.org>; Wed, 26 Jul 2023 08:27:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690385274; x=1690990074; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=ARvayiiCiVNjE9FQBhq5UPhMPfq0PVIQHygcHCOAMV0=; b=saRPAGXBIZJLsR06PUUF2CnRusIqKf0W5Bp9bzaKdJwV9EJsfI8CyVYkDcS7MIpfrH ETMm+f5B840ukt4J2RT8TsCom/OmrZurtlBb8ht437PVH4gR2em+OjmijqpiVz87CXWZ 0XJorg0uf1j9EJsh+9VEOD/szWEe8uhLpa4CjBNdsX9zuB5PYKfxL881cvCILRwHKWxm UDfPz2m4ehWGXVmtdotw9rY5/j9AnaX5eYeeq3qnP9nRxLEz+/bjbqVSJRGZOwpD2NvJ +eSf5kmzePa+J8rnsPl4vsUyaauC/lyPIv1JjPPf+PoVarwSwhF5xGVxRcWdpVH+a8fT H4qA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690385274; x=1690990074; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ARvayiiCiVNjE9FQBhq5UPhMPfq0PVIQHygcHCOAMV0=; b=VdwMyRCSBnDNQfk9LmIagnD8Gyd52f2gYb8xOQM5iPXgam/pgjLgIX5G2SoQVNNPSp 0iPQ5k74BA3Rb8cuT5tFYmSlDLLgY2BmPSmc4HoPBwthp4q2M9w0Wk2NCBsa0Cv4VKDs tCAMBLHE0ELdcBsEy2wpVm3pYETve7wSlBfOJ7OOR4zKi49UoqSQaLbFgkljXFx2WCaE ixV7Mux1NXPTVUDwE5AfJTuPeAWSbD/Bj+u1T9Ynz0TfXj95MpM7KdZjlVhQQM9RUDfY ta5IRjYGqJHeBDAxUI7DAN+5jU3jek40IcPUMoxFK9zX6OddXu/JpfGnI9MEml8eEoPv 5uIA==
X-Gm-Message-State: ABy/qLbTeukC/lu1WTB4k/a35PQ6miaoNyIfNIon4w/YZas/9XHQ+3nZ xuuDtkfa96fouOLK+T3qvd0fGeeE9FI=
X-Google-Smtp-Source: APBJJlH6SldUISL3z6Yv+/w7n66eeL5CEU++nVXdxCpn6fQ+lYE/vc6KKkRJJLGoSx9jSPE39PLnWA==
X-Received: by 2002:a17:903:2441:b0:1b9:e9b2:124b with SMTP id l1-20020a170903244100b001b9e9b2124bmr2103595pls.64.1690385274047; Wed, 26 Jul 2023 08:27:54 -0700 (PDT)
Received: from smtpclient.apple ([2607:fb90:9fad:d123:9c20:7f4a:e146:be84]) by smtp.gmail.com with ESMTPSA id io19-20020a17090312d300b001b8ad8382a4sm3339156plb.216.2023.07.26.08.27.53 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 26 Jul 2023 08:27:53 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail-C1C7B96E-62ED-4CBE-AB63-31E1CC4F17CD"
Content-Transfer-Encoding: 7bit
From: Margaret Cullen <mrcullen42@gmail.com>
Mime-Version: 1.0 (1.0)
Date: Wed, 26 Jul 2023 08:27:42 -0700
Message-Id: <0BB79C6B-AFBF-4919-9B8F-4437CEC4DAA8@gmail.com>
References: <D522C7F4-1080-451D-9ECC-12CDAD23A59D@deployingradius.com>
Cc: radext@ietf.org
In-Reply-To: <D522C7F4-1080-451D-9ECC-12CDAD23A59D@deployingradius.com>
To: Alan DeKok <aland@deployingradius.com>
X-Mailer: iPhone Mail (20F75)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/w4w4FpPROymNk1ZdJ1qDV3I2AJY>
Subject: Re: [radext] Fwd: New Version Notification for draft-dekok-radext-deprecating-radius-02.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jul 2023 15:27:56 -0000
On Jul 25, 2023, at 5:38 PM, Alan DeKok <aland@deployingradius.com> wrote:
I've added substantial text on how to make existing uses of RADIUS more secure. e.g. use EAP when proxying outside of your local network.Thanks to Margaret and the WG for making concrete suggestions at the meeting in SF.Begin forwarded message:From: internet-drafts@ietf.orgSubject: New Version Notification for draft-dekok-radext-deprecating-radius-02.txtDate: July 25, 2023 at 5:27:20 PM PDTTo: "Alan DeKok" <aland@freeradius.org>
A new version of I-D, draft-dekok-radext-deprecating-radius-02.txt
has been successfully submitted by Alan DeKok and posted to the
IETF repository.
Name: draft-dekok-radext-deprecating-radius
Revision: 02
Title: Deprecating RADIUS/UDP and RADIUS/TCP
Document date: 2023-07-25
Group: Individual Submission
Pages: 24
URL: https://www.ietf.org/archive/id/draft-dekok-radext-deprecating-radius-02.txt" class="" rel="nofollow">https://www.ietf.org/archive/id/draft-dekok-radext-deprecating-radius-02.txt
Status: https://datatracker.ietf.org/doc/draft-dekok-radext-deprecating-radius/" class="" rel="nofollow">https://datatracker.ietf.org/doc/draft-dekok-radext-deprecating-radius/
Html: https://www.ietf.org/archive/id/draft-dekok-radext-deprecating-radius-02.html" class="" rel="nofollow">https://www.ietf.org/archive/id/draft-dekok-radext-deprecating-radius-02.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-dekok-radext-deprecating-radius" class="" rel="nofollow">https://datatracker.ietf.org/doc/html/draft-dekok-radext-deprecating-radius
Diff: https://author-tools.ietf.org/iddiff?url2=draft-dekok-radext-deprecating-radius-02" class="" rel="nofollow">https://author-tools.ietf.org/iddiff?url2=draft-dekok-radext-deprecating-radius-02
Abstract:
RADIUS crypto-agility was first mandated as future work by RFC 6421.
The outcome of that work was the publication of RADIUS over TLS (RFC
6614) and RADIUS over DTLS (RFC 7360) as experimental documents.
Those transport protocols have been in wide-spread use for many years
in a wide range of networks. They have proven their utility as
replacements for the previous UDP (RFC 2865) and TCP (RFC 6613)
transports. With that knowledge, the continued use of insecure
transports for RADIUS has serious and negative implications for
privacy and security.
This document formally deprecates the use of the User Datagram
Protocol (UDP) and of the Transmission Control Protocol (TCP) as
transport protocols for RADIUS. These transports are permitted
inside of secure networks, but their use even in that environment is
strongly discouraged. For all other environments, the use of secure
transports such as IPsec or TLS is mandated.
The IETF Secretariat
_______________________________________________
radext mailing list
radext@ietf.org
https://www.ietf.org/mailman/listinfo/radext
- [radext] Fwd: New Version Notification for draft-… Alan DeKok
- Re: [radext] Fwd: New Version Notification for dr… Margaret Cullen
- Re: [radext] Fwd: New Version Notification for dr… Alexander Clouter
- Re: [radext] New Version Notification for draft-d… Alan DeKok