
Issue RADSEC certificate handling



Description of issue
Submitter name: Joe Salowey
Submitter email address: jsalowey@cisco.com
Date first submitted: 
Reference: 
Document: draft-ietf-radext-radsec-04.txt 
Comment type: T
Priority: S
Section: 2.2
Rationale/Explanation of issue:

This connection setup and certificate handling section is improved, but
I think it could still use some work.  


Requested change:

1. The discussion of TLS cipher suites is broken apart into several
places in the document, some of them normative and some of them
informative.  I believe the normative and informative information is
reversed.  The implementation requirements for supported cipher suites
should go in this section.

2. When is it acceptable not to validate the SRV entry in the
certificate? 

3. The section should state that matching should be done against locally
configured names (as opposed to information retrieved from DNS). 

4. Is there any particular URI type that would be useful for RADIUS? 
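
The check requested in point 3, sketched as an added example that is not part of the original message or of the draft. It assumes a certificate dict shaped like the output of Python's `ssl.getpeercert()`; the realm, host names, `LOCAL_CONFIG` table and function names are all hypothetical.

```python
# Added illustration; every name and value below is constructed.
# Operator-maintained table: realm -> server names the operator trusts.
LOCAL_CONFIG = {"example.org": ["radsec.example.org"]}

def label_match(pattern, name):
    """Compare one dNSName with a reference name, case-insensitively.
    '*' is honoured only as the complete left-most label and never
    directly above a top-level label (so '*.org' matches nothing)."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == n[1:]
    return p == n

def cert_dns_names(cert):
    """Return the dNSName entries of a getpeercert()-style dict."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def peer_is_acceptable(cert, realm, config=LOCAL_CONFIG):
    """Accept the peer only if its certificate carries a name that is
    locally configured for the realm. No DNS answer is consulted, so a
    forged or poisoned record cannot change the reference identity."""
    refs = config.get(realm, [])
    return any(label_match(san, ref)
               for san in cert_dns_names(cert) for ref in refs)

def dns_derived_check(cert, srv_target):
    """Anti-pattern, for contrast: the reference identity is whatever an
    unauthenticated SRV answer named, so the check verifies nothing
    about who the operator intended to reach."""
    return any(label_match(san, srv_target) for san in cert_dns_names(cert))

# Constructed sample certificates and a constructed SRV target.
GOOD_CERT = {"subjectAltName": (("DNS", "radsec.example.org"),)}
OTHER_CERT = {"subjectAltName": (("DNS", "radius.other.example"),)}
UNTRUSTED_SRV_TARGET = "radius.other.example"

if __name__ == "__main__":
    print("configured name, good cert: ", peer_is_acceptable(GOOD_CERT, "example.org"))
    print("configured name, other cert:", peer_is_acceptable(OTHER_CERT, "example.org"))
    print("DNS-derived name, other cert:", dns_derived_check(OTHER_CERT, UNTRUSTED_SRV_TARGET))
```

A validly issued certificate for an unrelated host passes the DNS-derived check but fails against the configured name, which is the distinction point 3 asks the section to state.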




