[secdir] Secdir review of draft-ietf-radext-ieee802ext

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 28 January 2014 23:47 UTC

This document defines some additional RADIUS attributes for IEEE 802 authenticators acting as AAA clients, and also clarifies some EAP usages. Thus, it describes authentication and authorization requests that are supposedly local to a network. The security considerations are pretty massive, but they are covered in other RFCs reasonably well, and those are listed in the Security Considerations. If you buy into the normal use of RADIUS in IEEE 802 networks, this document doesn't present anything at all challenging.

--Paul Hoffman