RE: draft-winter-radsec-01 published

["Glen Zorn" <glenzorn@comcast.net>]

Are you planning to request a BOF slot in Philadephia?  If not, I would
strongly encourage you to do so.

Stefan Winter <> scribbled on Friday, February 08, 2008 3:34 PM:

> Hello,
> 
> there is a new version of the RadSec draft available under
> 
> http://www.ietf.org/internet-drafts/draft-winter-radsec-01.txt
> 
> It contains the changes which were announced in IETF70 in Vancouver.
> 
> The two main points are:
> 
> - mention TLS with shared secrets as a possible means of establishing
> the TLS tunnel (though no implementations currently offer that
> option)  
> - The CA selection during the TLS handshake. This was presented in
> the Vancouver meeting, but the problem has two sides:
> server-to-client signalling of acceptable CAs can be signalled with
> TLS 1.1, as presented in the Vancouver meeting. The other way round,
> client-to-server signalling, is not possible with TLS 1.1. There is
> ongoing work in the tls working group though,
> http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc4366-bis-01.txt
> , which will allow a Trusted CA indication later. A note that this
> signalling is the suggested behaviour as soon as that draft is
> ratified is added in the current radsec draft.         
> 
> Greetings,
> 
> Stefan Winter


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>