[radext] Re: Mohamed Boucadair's Yes on draft-ietf-radext-radiusdtls-bis-15: (with COMMENT)
mohamed.boucadair@orange.com Tue, 07 April 2026 15:22 UTC
To: Jan-Frederik Rieckers <rieckers@dfn.de>, The IESG <iesg@ietf.org>
CC: "radext@ietf.org" <radext@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/w7QCoEVJtzK-gLCHu9CRYhUb1Jc>

Hi Jan-Frederik,

Thank you for the follow-up and clarifications. Feel free to implement changes as you see appropriate.

Cheers,
Med

> -----Original Message-----
> From: Jan-Frederik Rieckers <rieckers@dfn.de>
> Sent: Tuesday 7 April 2026 15:10
> To: BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; The IESG <iesg@ietf.org>
> Cc: radext@ietf.org
> Subject: Re: [radext] Mohamed Boucadair's Yes on draft-ietf-radext-radiusdtls-bis-15: (with COMMENT)
>
> Hi Mohamed,
>
> thanks for your review and your comments, I've added my replies below.
>
> On 3/1/26 10:19, Mohamed Boucadair via Datatracker wrote:
> > # Source port number selection
> >
> > CURRENT (3.1):
> >    The client source port used for
> >    RadSec connections is not fixed -- it is typically an ephemeral port
> >    picked by the client Operating System.
> >
> > Can this also mention the mechanism in RFC6056?
> >
> > If randomization is followed, then this would help with this:
> >
> > Section 6.5.2
> >
> >    RADIUS/DTLS clients SHOULD NOT send both RADIUS/UDP and RADIUS/DTLS
> >    packets to different servers from the same source socket.
>
> We could add a reference to RFC 6056. Personally, my observation of
> current implementations is that selection of source ports is done on OS
> layer, so adding 6056 does not bring benefits to this document, instead
> it suggests that implementations should deal with the source port
> selection themselves instead of using the existing APIs provided by the OS.
> (But that's only my personal opinion, I can be persuaded.)
>
> >
> > # keepalive
> >
> > CURRENT:
> >    RadSec implementations MUST utilize the existence of a TCP, TLS or
> >    DTLS connection where applicable in addition to the application-layer
> >    watchdog defined in [RFC3539], Section 3.4 when determining the
> >    liveness of each connection.
> >
> > I guess by “utilize the existence” you meant implement some
> > heartbeat/keepalives.
> >
> > For TCP, please note that rfc9293#3.8.4 says:
> >
> >    Implementers MAY include "keep-alives" in their TCP implementations
> >    (MAY-5), although this practice is not universally accepted.
> >
> > I don’t see an issue with the behavior in the spec given that 3539 requires
> > anyway the following:
> >
> >    AAA protocols MUST support
> >    an application layer watchdog message.
>
> What we mean there is not keepalives, but really the existence, as in:
> if the other end sends a TCP FIN or RST or a TLS close notification, or
> the OS times out the connection by itself if it hasn't seen any traffic
> in some time and requests are unanswered, then the connection does not
> exist any more.
> And if the connection does not exist any more, the watchdog is useless
> and will come to the same result, only with a delay.
>
> > # Logging
> >
> > Some events are better logged for operational needs. For example, the following
> > events (and similar) should be logged
> >
> > CURRENT:
> >    That is, the implementation SHOULD send a TLS close
> >    notification and, in the case of RADIUS/TLS, the underlying TCP
> >    connection MUST be closed if any of the following circumstances are
> >    seen:
>
> I've opened a github issue on this, right now I think we only have one
> mention of logging in the whole document.
>
> > # server IP?
>
> I've already replaced IP with IP address and port with port number in
> the editor's copy on github, it will be included in the next I-D.
>
> > # Same behavior
> >
> > Section 3.1
> >    RadSec endpoints MUST NOT use the old RADIUS/UDP or RADIUS/TCP ports
> >    for RADIUS/DTLS or RADIUS/TLS.
> >
> > Section 3.12
> >    Implementations MUST NOT exchange both insecure and secure traffic on
> >    the same UDP or TCP port. It is RECOMMENDED that implementations
> >    make it impossible for such a configuration to be created.
> >
> > These are covering the same points. Maybe consider having this discussion in
> > one single place.
> >
> > Alternatively, consider linking both such as:
> >
> > NEW
> >    RadSec endpoints MUST NOT use the old RADIUS/UDP or RADIUS/TCP ports
> >    for RADIUS/DTLS or RADIUS/TLS. See also Section 3.12.
>
> They are not covering the exact same points.
> Section 3.1 forbids using 1812/1813 (and the old non-standard 1645/1646)
> for RadSec, independent of whether the RADIUS server is accepting
> RADIUS/UDP or RADIUS/TCP over these ports.
>
> But the wording "old RADIUS/UDP ..." may be suboptimal, I'll see if we
> can make that more clear.
>
> >
> > # packets, records, and datagrams
> >
> > CURRENT:
> >    RADIUS/DTLS endpoints MUST send exactly one RADIUS packet per DTLS
> >    record. This ensures that the RADIUS packets do not get fragmented
> >    at a point where a re-ordering of UDP packets would result in
> >    decoding failures. The DTLS specification mandates that a DTLS
> >    record must not span multiple UDP datagrams. We note that a single
> >    UDP datagram may, however, contain multiple DTLS records. RADIUS/
> >    DTLS endpoints MAY use this behavior to send multiple RADIUS packets
> >    in one UDP packet.
> >
> > Maybe add a pointer to rfc9147#section-4.3?
> >
> > I would delete “we note”.
>
> Thanks for the hint, it's updated in the editor's copy and will be
> included in the next I-D version.
>
> Cheers,
> Janfred
> --
> Mr. Jan-Frederik Rieckers
> Security, Trust & Identity Services
>
> E-Mail: rieckers@dfn.de | Phone: +49 30884299-339 | Fax: +49 30884299-370
> Pronouns: he/him
> ____________________________________________________________________
>
> DFN - Deutsches Forschungsnetz | German National Research and Education Network
> Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
> Alexanderplatz 1 | 10178 Berlin
> https://www.dfn.de
>
> Executive Board: Prof. Dr.-Ing. Stefan Wesner | Prof. Dr. Helmut Reiser | Christian Zens
> Management: Dr. Christian Grimm | Alina Hain
> VR AG Charlottenburg 7729B | VAT ID DE 136623822
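
Added example, not part of the mail or of the draft: a listener-configuration lint that applies the two port rules quoted in the thread separately, showing that a configuration can break Section 3.1 without breaking Section 3.12 and the reverse. The `Listener` record, its field names, the rule labels and the sample configurations are assumptions made up for the illustration.

```python
from dataclasses import dataclass

# Ports named in the thread: 1812/1813 and the old non-standard 1645/1646.
LEGACY_RADIUS_PORTS = frozenset({1812, 1813, 1645, 1646})

# RADIUS transport -> (underlying L4 protocol, secured by (D)TLS?)
TRANSPORTS = {
    "radius/udp": ("udp", False),
    "radius/tcp": ("tcp", False),
    "radius/dtls": ("udp", True),
    "radius/tls": ("tcp", True),
}


@dataclass(frozen=True)
class Listener:
    """Hypothetical listener record; the field names are assumptions."""
    address: str
    port: int
    transport: str


def lint_listeners(listeners):
    """Return sorted (rule, l4, port) findings for the two quoted rules.

    "3.1":  a RadSec listener sits on a legacy RADIUS port, whether or not
            anything insecure is configured there.
    "3.12": insecure and secure RADIUS share one UDP or TCP port. Bind
            addresses are ignored on purpose, so a wildcard bind cannot
            hide an overlap (a conservative choice for this example).
    """
    findings = set()
    seen = {}  # (l4, port) -> set of "secure" flags seen on that port
    for lst in listeners:
        try:
            l4, secure = TRANSPORTS[lst.transport.lower()]
        except KeyError:
            raise ValueError(f"unknown transport: {lst.transport!r}") from None
        if secure and lst.port in LEGACY_RADIUS_PORTS:
            findings.add(("3.1", l4, lst.port))
        seen.setdefault((l4, lst.port), set()).add(secure)
    for (l4, port), flags in seen.items():
        if flags == {True, False}:
            findings.add(("3.12", l4, port))
    return sorted(findings)


# Constructed sample configurations (documentation addresses, RFC 5737).
SAMPLES = {
    "radsec-on-1812-only": [Listener("192.0.2.10", 1812, "radius/dtls")],
    "mixed-on-5000": [Listener("192.0.2.10", 5000, "radius/udp"),
                      Listener("0.0.0.0", 5000, "radius/dtls")],
    "separate-ports": [Listener("192.0.2.10", 1812, "radius/udp"),
                       Listener("192.0.2.10", 2083, "radius/dtls")],
    "mixed-on-1812": [Listener("192.0.2.10", 1812, "radius/udp"),
                      Listener("192.0.2.10", 1812, "radius/dtls")],
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(f"{name}: {lint_listeners(cfg) or 'ok'}")
```

Run as a pre-deployment check, a lint like this rejects the configuration before the server binds any socket, which is one way to approach the "make it impossible for such a configuration to be created" recommendation quoted from Section 3.12.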