
Re: I-D Action:draft-ietf-radext-radsec-01.txt



Hi,

this version reflects the discussions from IETF-72.

* normative section in the beginning, informative afterwards with explanations
* forbid integrity-only ciphers
* fixed shared "secret" ["radsec" for now, as I don't quite remember what we settled for, if anything]

Most of it is text re-shuffling, two notable changes:

* previous versions left CoA and Disconnect unspecified. The current draft includes it, the basic rationale being that to implement RadSec, new code is necessary anyways and the burden of at least answering to a Req with a NAK can be demanded IMO.
* one of the SHOULD ciphers which is based on MD5 is gone. It felt a bit awkward to complain about RADIUS' MD5 usage and then recommend an MD5-based cipher.

If you have comments, I'll be happy to ignore them for the next two weeks, since I'll be on a completely offline vacation. I'll get back to IETF business after that.

Greetings,

Stefan Winter

Internet-Drafts@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the RADIUS EXTensions Working Group of the IETF.


	Title           : TLS encryption for RADIUS over TCP (RadSec)
	Author(s)       : S. Winter, et al.
	Filename        : draft-ietf-radext-radsec-01.txt
	Pages           : 17
	Date            : 2008-08-22

This document specifies security on the transport layer (TLS) for the
RADIUS protocol [RFC2865] when transmitted over TCP
[I-D.dekok-radext-tcp-transport].  This enables dynamic trust
relationships between RADIUS servers.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-radext-radsec-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


