Re: [saag] RADIUS is deprecating MD5

Alan DeKok <aland@deployingradius.com> Mon, 01 April 2024 12:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/cOSvYNeN5f73hpp2AkeGTBFL-WE>

On Apr 1, 2024, at 8:33 AM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> This isn't being used for Internet access or whatever, it's just to
> authenticate a remote device.

  It *is* being used to control network access.  Unauthenticated devices can't get network access until the RADIUS client lets them onto the network.  i.e. switch, access point, VPN concentrator, etc.

  Even for the use-case you mention here, RADIUS has a critical role as the gatekeeper. 

  Please understand that whatever limited use-case you've seen is a tiny percentage of what people use RADIUS for.  And even in the use-case you mention, RADIUS performs a critical role which is not at all what you say it is.

  Alan DeKok.