[radext] Fwd: New Version Notification for draft-dekok-radext-radiusv11-02.txt
Alan DeKok <aland@deployingradius.com> Tue, 07 March 2023 16:48 UTC
Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10CB9C151B02 for <radext@ietfa.amsl.com>; Tue, 7 Mar 2023 08:48:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AAuRlveU_K5b for <radext@ietfa.amsl.com>; Tue, 7 Mar 2023 08:48:41 -0800 (PST)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93705C151AFE for <radext@ietf.org>; Tue, 7 Mar 2023 08:48:40 -0800 (PST)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id E2E94C04 for <radext@ietf.org>; Tue, 7 Mar 2023 16:48:31 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
From: Alan DeKok <aland@deployingradius.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_CBC690A2-2E85-439F-A02D-7A58348FAD96"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Message-Id: <BF9A40B6-C541-435A-B516-2F1EBF4D172B@deployingradius.com>
References: <167820514666.60649.4450593267966367247@ietfa.amsl.com>
To: radext@ietf.org
Date: Tue, 07 Mar 2023 11:48:30 -0500
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/wkK-jNzzAjmWrDyV1xC2H0PEI-8>
Subject: [radext] Fwd: New Version Notification for draft-dekok-radext-radiusv11-02.txt
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Mar 2023 16:48:44 -0000
I've added some text on flags in the packet header. The intention of the flags is to allow client / server to know whether or not there was end-to-end security for RADIUS. > Begin forwarded message: > > From: internet-drafts@ietf.org > Subject: New Version Notification for draft-dekok-radext-radiusv11-02.txt > Date: March 7, 2023 at 11:05:46 AM EST > To: "Alan DeKok" <aland@freeradius.org> > > > A new version of I-D, draft-dekok-radext-radiusv11-02.txt > has been successfully submitted by Alan DeKok and posted to the > IETF repository. > > Name: draft-dekok-radext-radiusv11 > Revision: 02 > Title: RADIUS/TLS Version 1.1 > Document date: 2023-03-07 > Group: Individual Submission > Pages: 22 > URL: https://www.ietf.org/archive/id/draft-dekok-radext-radiusv11-02.txt > Status: https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/ > Html: https://www.ietf.org/archive/id/draft-dekok-radext-radiusv11-02.html > Htmlized: https://datatracker.ietf.org/doc/html/draft-dekok-radext-radiusv11 > Diff: https://author-tools.ietf.org/iddiff?url2=draft-dekok-radext-radiusv11-02 > > Abstract: > This document defines Application-Layer Protocol Negotiation > Extensions for use with RADIUS/TLS and RADIUS/DTLS. These extensions > permit the negotiation of an additional application protocol for > RADIUS over (D)TLS. No changes are made to RADIUS/UDP or RADIUS/TCP. > The extensions allow the negotiation of a transport profile where the > RADIUS shared secret is no longer used, and all MD5-based packet > signing and attribute obfuscation methods are removed. When this > extension is used, the previous Authenticator field is repurposed to > contain an explicit request / response identifier, called a Token. > The Token also allows more than 256 packets to be outstanding on one > connection. > > This extension can be seen as a transport profile for RADIUS, as it > is not an entirely new protocol. It uses the existing RADIUS packet > layout and attribute format without change. As such, it can carry > all present and future RADIUS attributes. Implementation of this > extension requires only minor changes to the protocol encoder and > decoder functionality. The protocol defined by this extension is > named "RADIUS version 1.1", or "radius/1.1". > > > > > The IETF Secretariat > >
- [radext] Fwd: New Version Notification for draft-… Alan DeKok
- Re: [radext] Fwd: New Version Notification for dr… Alexander Clouter
- Re: [radext] New Version Notification for draft-d… Alan DeKok