Re: [saag] RADIUS is deprecating MD5

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 01 April 2024 13:27 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Alan DeKok <aland@deployingradius.com>
CC: "saag@ietf.org" <saag@ietf.org>
Date: Mon, 01 Apr 2024 13:27:39 +0000
Message-ID: <ME0P300MB0713F57E1F1556EA9BE0CEF7EE3F2@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM>
References: <755BC73B-B981-4986-B45A-E9796DCC66BC@deployingradius.com> <ME0P300MB0713122730DC9574730AC816EE382@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM> <Zgl6ejdpJNOyUja0@chardros.imrryr.org> <E1B4CCB5-202F-4087-8B56-9E7F3D73D1D0@deployingradius.com> <ZgmDLfNxV2RKSA5o@chardros.imrryr.org> <21309D5A-E824-42C7-8BAB-366AD568E9F4@deployingradius.com> <ZgmPg0qgA9stSeUo@chardros.imrryr.org> <ME0P300MB07133F7BB2C11FA027143127EE3F2@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM> <B57C85E4-D0A1-4E93-999B-12F712AA46E1@deployingradius.com> <ME0P300MB0713FE22A714258C5F2D95F6EE3F2@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM> <B51C0F05-020C-486B-8DFC-3FC94D42A776@deployingradius.com> <ME0P300MB0713DE85687893610B7E6CBFEE3F2@ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM> <5B9DD4E1-76FB-460B-A68A-D7E085AC2E26@deployingradius.com>
In-Reply-To: <5B9DD4E1-76FB-460B-A68A-D7E085AC2E26@deployingradius.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/9Ipra_Tgk8ZIXhBAG2jK3PsSR8M>
Subject: Re: [saag] RADIUS is deprecating MD5
List-Id: Security Area Advisory Group <saag.ietf.org>

Alan DeKok <aland@deployingradius.com> writes:

>I see I can't convince you as to how RADIUS actually works.

I know how RADIUS works, I'm pointing out that it's used in ways other than
the way you imagine.  You're responding with "lalalalala, I'm not listening,
I'm not listening, there's only this way, nothing else exists".  This doesn't
change the fact that it's used in other ways than you imagine.

As for judging the competence of the people who built this stuff, what it's
being used with predates RADIUS by many years and it's still going so I'd say
they were pretty competent.

(OK, it's actually kinda messy, but it's kept the lights on so at least it
works).

Peter.