RE: Status of draft-ietf-radext-tcp-transport-06.txt
Should this text be inserted between the second and the third paragraph
in the current Security Considerations section?
Dan
> -----Original Message-----
> From: Alan DeKok [mailto:aland@deployingradius.com]
> Sent: Thursday, May 13, 2010 3:50 PM
> To: Romascanu, Dan (Dan)
> Cc: 'radext mailing list'; Kurt.Zeilenga@Isode.com
> Subject: Re: Status of draft-ietf-radext-tcp-transport-06.txt
>
> Romascanu, Dan (Dan) wrote:
> > Thanks. I will put the document on the agenda of the 5/20
> > telechat then.
>
> OK.
>
> > Did you answer the SEC-DIR review? We can already insert the RFC
> > Editor note if edits are agreed with the reviewer.
>
> Yes. New text suggested for the "Security Considerations" section:
>
> ...
> Implementors should consult [RTLS] for issues related to the
> security of RADIUS over TLS, and [RFC5246] for issues related
> to the security of the TLS protocol.
>
> Since "bare" TCP does not provide for confidentiality or
> enable negotiation of credible ciphersuites, its use is not
> appropriate for inter-server communications where strong
> security is required. The use of "bare" TCP transport (i.e.,
> without additional confidentiality and security) is NOT
> RECOMMENDED, as there has been little or no operational
> experience with it.
> ...
>
> The first paragraph is new. The second is a repeat of text
> earlier in the document, which seemed appropriate to
> re-highlight in this section.
>
> Alan DeKok.
>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>