[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Status of draft-ietf-radext-tcp-transport-06.txt
Romascanu, Dan (Dan) wrote:
> Thanks. I will put the document on the agenda of the 5/20 telechat then.
OK.
> Did you answer the SEC-DIR review? We can already insert the RFC Editor
> note if edits are agreed with the reviewer.
Yes. New text suggested for the "Security Considerations" section:
...
Implementors should consult [RTLS] for issues related the security of
RADIUS over TLS, and [RFC5246] for issues related to the security of
the TLS protocol.
Since "bare" TCP does not provide for confidentiality or enable
negotiation of credible ciphersuites, its use is not appropriate for
inter-server communications where strong security is required. The
use of "bare" TCP transport (i.e., without additional confidentiality
and security) is NOT RECOMMENDED, as there has been little or no
operational experience with it.
...
The first paragraph is new. The second is a repeat of text earlier in
the document, which seemed appropriate to re-highlight in this section.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>