[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D Action:draft-ietf-radext-radsec-01.txt
this version reflects the discussions from IETF-72.
* normative section in the beginning, informative afterwards with
* forbid integrity-only ciphers
* fixed shared "secret" ["radsec" for now, as I don't quite remember
what we settled for, if anything]
Most of it is text re-shuffling, two notable changes:
* previous versions left CoA and Disconnect unspecified. The current
draft includes it, the basic rationale being that to implement RadSec,
new code is necessary anyways and the burden of at least answering to a
Req with a NAK can be demanded IMO.
* one of the SHOULD ciphers which is based on MD5 is gone. It felt a bit
awkward to complain about RADIUS' MD5 usage and then recommend a MD5
If you have comments, I'll be happy to ignore them for the next two
weeks, since I'll be at a completely-offline vacation. I'll get back to
IETF business after that.
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the RADIUS EXTensions Working Group of the IETF.
Title : TLS encryption for RADIUS over TCP (RadSec)
Author(s) : S. Winter, et al.
Filename : draft-ietf-radext-radsec-01.txt
Pages : 17
Date : 2008-08-22
This document specifies security on the transport layer (TLS) for the
RADIUS protocol [RFC2865] when transmitted over TCP
[I-D.dekok-radext-tcp-transport]. This enables dynamic trust
relationships between RADIUS servers.
A URL for this Internet-Draft is:
Internet-Drafts are also available by anonymous FTP at:
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.