[Fwd: Re: DISCUSS: draft-ietf-radext-tcp-transport]



--- Begin Message ---
Ralph Droms wrote:
> Discuss:
> This Discuss is related to Tim's Discuss.  This text:
> 
>    "Bare" TCP transport MAY, however, be used when another method such
>    as IPSec [RFC4301] is used to provide additional confidentiality and
>    security.  Should experience show that such deployments are useful,
>    this specification could be moved to standards track.
>  
> is confusing.  Why would experience with "bare" TCP or IPSec TCP cause draft-ietf-radext-tcp-transport to progress to Standards Track?

  The wording was the suggestion of another IESG review...

> Similarly, from the Abstract:
> 
>    It [draft-ietf-radext-tcp-transport-06.txt] is not intended
>    to define TCP as a transport protocol for RADIUS in the absence of
>    TLS.
> 
> while several of the motivations for RADIUS over TCP in section 1.1 are not specific to RADIUS with TLS.

  Yes.  The wide-spread adoption of DTLS is recent.  Implementations
chose TLS for RADIUS transport because it was widely available.
Choosing TLS required TCP transport, hence this document.

  I suggest adding text to that section:

...
The choice of TCP as a transport protocol is largely driven by the
desire to improve the security of RADIUS by using RADIUS over TLS.
For practical reasons, the transport protocol (TCP) is defined
separately from the security mechanism (TLS).
...


  Alan DeKok.



--- End Message ---