
FW: SecDir review of draft-ietf-radext-tcp-transport



 

-----Original Message-----
From: Kurt Zeilenga [mailto:Kurt.Zeilenga@Isode.com] 
Sent: Friday, May 07, 2010 10:51 PM
To: draft-ietf-radext-tcp-transport.all@tools.ietf.org
Cc: Security Area Directorate; IETF
Subject: SecDir review of draft-ietf-radext-tcp-transport

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This document discusses use of RADIUS over TLS (over TCP).  This
document is being considered for publication as an Experimental RFC.

This document does not discuss the particulars of how TLS is to be used.
It seems left to draft-ietf-radext-radsec, which this document only
informatively references.  It may be appropriate to elevate the
reference to draft-ietf-radext-radsec to normative status.

I suggest inclusion of text in the Security Considerations section that
specifically refers the reader to draft-ietf-radext-radsec for RADIUS
over TLS specific security considerations, as well as RFC 5246 for
general TLS security considerations.

Beyond this, I have no security concerns with the transport details this I-D
discusses.

Regards, Kurt

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>