[secdir] [new-work] WG Review: RADIUS EXTensions (radext)
The IESG <iesg@ietf.org> Fri, 17 February 2023 18:40 UTC
A new IETF WG has been proposed in the Operations and Management Area. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by 2023-02-27.

RADIUS EXTensions (radext)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  Margaret Cullen <mrcullen42@gmail.com>
  Valery Smyslov <valery@smyslov.net>

Assigned Area Director:
  Paul Wouters <paul.wouters@aiven.io>

Operations and Management Area Directors:
  Warren Kumari <warren@kumari.net>
  Robert Wilton <rwilton@cisco.com>

Mailing list:
  Address: radext@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/radext
  Archive: https://mailarchive.ietf.org/arch/browse/radext/

Group page: https://datatracker.ietf.org/group/radext/

Charter: https://datatracker.ietf.org/doc/charter-ietf-radext/

The RADIUS Extensions Working Group will focus on extensions to the RADIUS protocol.

To ensure backward compatibility with existing RADIUS implementations, as well as compatibility between RADIUS and Diameter, all documents produced must specify means of interoperation with legacy RADIUS. Any non-backwards compatibility changes with existing RADIUS RFCs, including RFCs 2865-2869, 3162, 3575, 3579, 3580, 4668-4673, 4675, 5080, 5090, 5176 and 6158 must be justified. Transport profiles should be compatible with RFC 3539, with any non-backwards compatibility changes justified.

The WG will review its existing RFCs' document track categories and where necessary or useful change document tracks, with minor changes in the documents if needed.

Work Items

The immediate goals of the RADEXT working group are:

- Deprecating the use of insecure transports outside of secure networks. This work updates RFC 6421.

- Bring RFC 6614 (RADIUS/TLS), and RFC 7360 (RADIUS/DTLS) to Standards track.

- Define best practices for using TLS-PSK with TLS-based transport.

- Define best practices for RADIUS roaming, and roaming consortia based on experience with RADIUS/TLS.

- Improve operations for multi-hop RADIUS networks: e.g. loop detection and prevention, a multi-hop Status-Server equivalent with ability to Trace the proxy steps a RADIUS message will follow.

- Extend the 8-bit RADIUS ID space to allow more than 256 "in flight" packets across one connection.

- Allow for CoA / Disconnect packets to be sent in "reverse" down a RADIUS/TLS or RADIUS/DTLS connection. This functionality assists with transit of NATs.

- Defining Application-Layer Protocol Negotiation (ALPN) extensions for RADIUS/TLS and RADIUS/TLS which allow the use of those transports in a FIPS-140 compliant environment.

Timeline:

Much of this work should be completed by 2024 in order to be part of the Wi-Fi 8 release, with products in 2026.

Milestones:

TBD

_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work