Re: FW: SecDir review of draft-ietf-radext-tcp-transport



> From: Kurt Zeilenga [mailto:Kurt.Zeilenga@Isode.com] 
> Sent: Friday, May 07, 2010 10:51 PM
...
> This document discusses use of RADIUS over TLS (over TCP).  This
> document is being considered for publication as an Experimental RFC.

  FYI: It discusses RADIUS over "bare" TCP, without TLS.  It mentions
TLS only to motivate TCP.

> This document does not discuss the particulars of how TLS is to be used.
> It seems left to draft-ietf-radext-radsec, which this document only
> informatively references.  It may be appropriate to elevate the
> reference to draft-ietf-radext-radsec to normative status.

  That's fine.  It *may* be possible to use this protocol when the
network is secured (e.g. via IPsec).  But the main intent is to use it
with TLS.

> I suggest inclusion of text in the Security Considerations section that
> specifically refers the reader to draft-ietf-radext-radsec for RADIUS
> over TLS specific security considerations, as well as RFC 5246 for
> general TLS security considerations.

  OK.  I'll put that in the next rev of the document.

  Alan DeKok.
