[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Issue RADSEC certificate handling
Description of issue
Submitter name: Joe Salowey
Submitter email address: jsalowey@cisco.com
Date first submitted:
Reference:
Document: draft-ietf-radext-radsec-04.txt
Comment type: T
Priority: S
Section: 2.2
Rationale/Explanation of issue:
This connection setup and certificate handling section is improved, but
I think it could still use some work.
Requested change:
1. The discussion of TLS cipher suites is broken apart into several
places in the document, some of them normative and some of them
informative. I believe the normative and informative information is
reversed. The implementation requirements for supported cipher suites
should go in this section.
2. When is it acceptable not to validate the SRV entry in the
certificate?
3. The section should state that matching should be done against locally
configured names (as opposed to information retrieved from DNS).
4. Is there any particular URI type that would be useful for RADIUS?
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>