Re: [radext] Proposed charter text based on IETF-115 BoF
Jan-Frederik Rieckers <rieckers@dfn.de> Wed, 23 November 2022 09:38 UTC
Return-Path: <rieckers@dfn.de>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38FD1C14CE4B for <radext@ietfa.amsl.com>; Wed, 23 Nov 2022 01:38:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.098
X-Spam-Level:
X-Spam-Status: No, score=-7.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dfn.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5EhhW10FsL6q for <radext@ietfa.amsl.com>; Wed, 23 Nov 2022 01:38:03 -0800 (PST)
Received: from c1004.mx.srv.dfn.de (c1004.mx.srv.dfn.de [IPv6:2001:638:d:c303:acdc:1979:2:58]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC083C14CE4A for <radext@ietf.org>; Wed, 23 Nov 2022 01:38:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dfn.de; h= content-type:content-type:in-reply-to:subject:subject :organization:from:from:content-language:references:user-agent :mime-version:date:date:message-id:received; s=s1; t=1669196275; x=1671010676; bh=nWU7rtPj8SqEZFUvjp6gdOwBFUft9sKFuH4bknWqfvE=; b= S1vCPskAn/uyAm+3z06C9eJaf87Y0ETnrIHIffDbzfTnIgo1VXTcP7AYTWvgOHhy Wtd+bqS3cHuPKWuQXILUfgRPlUDxO09GUWgzqhkOrkHfsnz0+rRgSJy5r+7UJ1ug vmJj1aAHrWkjL82cFJSr4aQSVK+WMYYU6BK2d1HY+54=
Received: from mail.dfn.de (mail.dfn.de [IPv6:2001:638:d:c102::150]) by c1004.mx.srv.dfn.de (Postfix) with ESMTPS id 4DC8D1200D3 for <radext@ietf.org>; Wed, 23 Nov 2022 10:37:54 +0100 (CET)
Received: from [IPV6:2001:638:d:1010::1004] (unknown [IPv6:2001:638:d:1010::1004]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mspool2.srv.dfn.de (Postfix) with ESMTPSA id F17EA103 for <radext@ietf.org>; Wed, 23 Nov 2022 10:37:53 +0100 (CET)
Message-ID: <2f8a0921-2e9e-751e-4f5d-42c5c9c3cb8a@dfn.de>
Date: Wed, 23 Nov 2022 10:37:51 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.0
To: radext@ietf.org
References: <4ce6d292-bb34-5dd7-7b8b-d43c282658f1@iea-software.com> <329FE6EA-C1E6-4E16-8D0C-A68C32B67FB9@gmail.com> <FC5C81F9-FEB5-4F9C-9A02-36837B7ABC09@deployingradius.com> <CAOW+2dtANzJDbAjmhHiz_m1pkk+SyfHu5uZ_ddp4PPMi17=0-A@mail.gmail.com> <E59F655C-ADC3-465A-BC9E-4445135BFE97@deployingradius.com>
Content-Language: en-US
From: Jan-Frederik Rieckers <rieckers@dfn.de>
Autocrypt: addr=rieckers@dfn.de; keydata= xjMEYS90/RYJKwYBBAHaRw8BAQdAWXYFYTJZD1YR1SztUNqHenPGnf+gdQe/9LjiHlr2XATN J0phbi1GcmVkZXJpayBSaWVja2VycyA8cmllY2tlcnNAZGZuLmRlPsKWBBMWCAA+AhsDBQsJ CAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE/fv7DCp4WBOrb8RyDYuiXSS+ypYFAmMXdJkFCQNL 9JwACgkQDYuiXSS+ypYZhQD+IvXSlzMB632TceTFUZ66vWijHZA9TymKjM27QzxjCcQA/ilb zGnQRFxRvpqGeJCwK/9MP9CZyyUjgAPQBaZNoTcOzjgEYS90/RIKKwYBBAGXVQEFAQEHQBxo 6esD49rxn4d3su5fJJL79XjfKNy26LiFE9Gpg38+AwEIB8J+BBgWCAAmAhsMFiEE/fv7DCp4 WBOrb8RyDYuiXSS+ypYFAmMXdKIFCQNL9KUACgkQDYuiXSS+ypY8IwEA5hkI+oA2pFmD6zXj rULCT+G9o8A5xSkMZBiw6U6yKcMBAMpTki1h4qCwaQR+hvt1rNjJr4ISUtd+ErlHlPWsxIgI
Organization: DFN e.V.
In-Reply-To: <E59F655C-ADC3-465A-BC9E-4445135BFE97@deployingradius.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------reC0P5IFBUunT7Fg30rw02PU"
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/w_e7uTY5_Y9Z3YIdPDr6-yJUTmE>
Subject: Re: [radext] Proposed charter text based on IETF-115 BoF
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Nov 2022 09:38:09 -0000
On 23.11.22 02:13, Alan DeKok wrote: >> And given the low deployment and implementation of RADIUS over (D)TLS, "existing deployment" doesn't strike me as a good reason not to. > > It's low, but it is used. I'm wary of re-defining existing protocols. I wouldn't even say it's low. We have two roaming consortia which rely either partially (eduroam) or completely (OpenRoaming) on RADIUS/TLS, partly with dynamic discovery. Re-defining RADIUS/TLS without MD5-usage would mean that we also would have to specify a way of protocol negotiation in Order to have an upgrade path, otherwise these consortia will stay on the old version, because otherwise the whole consortium has to switch to the new protocol on a flag day. SRADIUS is a good way of addressing the problem of MD5-usage in RADIUS. Whether this is an actual problem or just a suspected one doesn't matter IMHO. The hassle of explaining why MD5 is OK in RADIUS, as long as the RADIUS packet is then encrypted and signed by IPSec/TLS, justifies the need for SRADIUS and having a new transport profile with different default ports is a good way to have reliable interoperability and a good and usable upgrade path. Cheers, Janfred -- E-Mail: rieckers@dfn.de | Fon: +49 30884299-339 | Fax: +49 30884299-370 Pronomen: er/sein | Pronouns: he/him __________________________________________________________________________________ DFN - Deutsches Forschungsnetz | German National Research and Education Network Verein zur Förderung eines Deutschen Forschungsnetzes e.V. Alexanderplatz 1 | 10178 Berlin www.dfn.de Vorstand: Prof. Dr. Odej Kao (Vorsitzender) | Dr. Rainer Bockholt | Christian Zens Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch VR AG Charlottenburg 7729B | USt.-ID. DE 1366/23822
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- [radext] Proposed charter text based on IETF-115 … Paul Wouters
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Paul Wouters
- Re: [radext] Proposed charter text based on IETF-… Peter Deacon
- Re: [radext] Proposed charter text based on IETF-… Michael Richardson
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Peter Deacon
- Re: [radext] Proposed charter text based on IETF-… josh.howlett
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Michael Richardson
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Paul Wouters
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Peter Deacon
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Alexander Clouter
- [radext] Liaison to government agencies Bernard Aboba
- Re: [radext] Liaison to government agencies Stephen Farrell
- Re: [radext] Liaison to government agencies Bernard Aboba
- Re: [radext] Liaison to government agencies Stephen Farrell
- Re: [radext] Proposed charter text based on IETF-… Michael Richardson
- Re: [radext] Liaison to government agencies Bernard Aboba
- Re: [radext] Liaison to government agencies Stephen Farrell
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Paul Wouters
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alexander Clouter
- Re: [radext] Proposed charter text based on IETF-… Alexander Clouter
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alexander Clouter
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Matthew Newton
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Matthew Newton
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Heikki Vatiainen
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Jan-Frederik Rieckers
- Re: [radext] Proposed charter text based on IETF-… Heikki Vatiainen
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… Bernard Aboba
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Proposed charter text based on IETF-… josh.howlett
- Re: [radext] Proposed charter text based on IETF-… Margaret Cullen
- Re: [radext] Proposed charter text based on IETF-… Alan DeKok
- Re: [radext] Liaison to government agencies Margaret Cullen
- Re: [radext] Liaison to government agencies Margaret Cullen
- Re: [radext] Liaison to government agencies Bernard Aboba
- Re: [radext] Liaison to government agencies Bernard Aboba
- Re: [radext] Liaison to government agencies Alan DeKok
- Re: [radext] Liaison to government agencies Alexander Clouter
- Re: [radext] Liaison to government agencies Behcet Sarikaya