[secdir] SecDir review of draft-ietf-radext-tcp-transport

Kurt Zeilenga <Kurt.Zeilenga@Isode.com> Fri, 07 May 2010 19:51 UTC

Return-Path: <Kurt.Zeilenga@Isode.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D58523A68ED; Fri, 7 May 2010 12:51:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.555
X-Spam-Level:
X-Spam-Status: No, score=-0.555 tagged_above=-999 required=5 tests=[AWL=0.185, BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iNW3lq2ugyDB; Fri, 7 May 2010 12:51:25 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id B5E3C3A6940; Fri, 7 May 2010 12:51:24 -0700 (PDT)
Received: from [192.168.1.101] ((unknown) [75.141.233.128]) by rufus.isode.com (submission channel) via TCP with ESMTPSA id <S-RvLwBeGQDj@rufus.isode.com>; Fri, 7 May 2010 20:51:11 +0100
X-SMTP-Protocol-Errors: NORDNS
From: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
Date: Fri, 7 May 2010 12:51:09 -0700
Message-Id: <47EEE07C-8E6B-42AC-ACCA-A3CF5FCBB3D1@Isode.com>
To: draft-ietf-radext-tcp-transport.all@tools.ietf.org
X-Mailer: Apple Mail (2.1078)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Cc: IETF <ietf@ietf.org>, Security Area Directorate <secdir@ietf.org>
Subject: [secdir] SecDir review of draft-ietf-radext-tcp-transport
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2010 19:51:25 -0000

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document discussions use of RADIUS over TLS (over TCP).  This document is being considered for publication as an Experimental RFC.

This document does not discuss the particulars of how TLS is to be used.  It seems left to draft-ietf-radext-radsec, which this document only informatively references.  It may be appropriate to elevate the reference to draft-ietf-radext-radsec to normative status.

I suggest inclusion of text in the Security Considerations section that specifically refer the reader to draft-ietf-radext-radsec for RADIUS over TLS specific security considerations, as well as RFC 5246 for general TLS security considerations.

Beyond this, I have no security concerns with transport details this I-D discusses.

Regards, Kurt