Skip to main content

RADIUS EXTensions
charter-ietf-radext-07

WG review announcement

WG Review Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: radext@ietf.org 
Reply-To: iesg@ietf.org
Subject: WG Review: RADIUS EXTensions (radext)

A new IETF WG has been proposed in the Operations and Management Area. The
IESG has not made any determination yet. The following draft charter was
submitted, and is provided for informational purposes only. Please send your
comments to the IESG mailing list (iesg@ietf.org) by 2023-02-27.

RADIUS EXTensions (radext)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  Margaret Cullen <mrcullen42@gmail.com>
  Valery Smyslov <valery@smyslov.net>

Assigned Area Director:
  Paul Wouters <paul.wouters@aiven.io>

Operations and Management Area Directors:
  Warren Kumari <warren@kumari.net>
  Robert Wilton <rwilton@cisco.com>

Mailing list:
  Address: radext@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/radext
  Archive: https://mailarchive.ietf.org/arch/browse/radext/

Group page: https://datatracker.ietf.org/group/radext/

Charter: https://datatracker.ietf.org/doc/charter-ietf-radext/

The RADIUS Extensions Working Group will focus on extensions to the
RADIUS protocol. To ensure backward compatibility with existing RADIUS
implementations, as well as compatibility between RADIUS and Diameter,
all documents produced must specify means of interoperation with legacy
RADIUS. Any non-backwards compatibility changes with existing RADIUS
RFCs, including RFCs 2865-2869, 3162, 3575, 3579, 3580, 4668-4673,4675,
5080, 5090, 5176 and 6158 must be justified. Transport profiles should
be compatible with RFC 3539, with any non-backwards compatibility changes
justified.

The WG will review its existing RFCs' document track categories and
where necessary or useful change document tracks, with minor changes in
the documents if needed.

Work Items

The immediate goals of the RADEXT working group are:

- Deprecating the use of insecure transports outside of secure
networks. This work updates RFC 6421.

- Bring RFC 6614 (RADIUS/TLS), and RFC 7360 (RADIUS/DTLS) to
Standards track.

- Define best practices for using TLS-PSK with TLS-based transport.

- Define best practices for RADIUS roaming, and roaming consortia
based on experience with RADIUS/TLS.

- Improve operations for multi-hop RADIUS networks: e.g. loop detection
and prevention, a multi-hop Status-Server equivalent with ability to
Trace the proxy steps a RADIUS message will follow.

- Extend the 8-bit RADIUS ID space to allow more than 256 "in flight"
packets across one connection.

- Allow for CoA / Disconnect packets to be sent in "reverse" down a
RADIUS/TLS or RADIUS/DTLS connection. This functionality assists with
transit of NATs.

- Defining Application-Layer Protocol Negotiation (ALPN) extensions  for
RADIUS/TLS and RADIUS/TLS
 which allow the use of those transports in a FIPS-140 compliant environment.

Timeline:

Much of this work should be completed by 2024 in order to be part of
the Wi-Fi 8 release, with products in 2026.

Milestones:

 TBD

WG action announcement

WG Action Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>,
    radext-chairs@ietf.org,
    radext@ietf.org 
Subject: WG Action: Rechartered RADIUS EXTensions (radext)

The RADIUS EXTensions (radext) WG in the Security Area of the IETF has been
rechartered. For additional information, please contact the Area Directors or
the WG Chairs.

RADIUS EXTensions (radext)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  Margaret Cullen <mrcullen42@gmail.com>
  Valery Smyslov <valery@smyslov.net>

Assigned Area Director:
  Paul Wouters <paul.wouters@aiven.io>

Security Area Directors:
  Roman Danyliw <rdd@cert.org>
  Paul Wouters <paul.wouters@aiven.io>

Mailing list:
  Address: radext@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/radext
  Archive: https://mailarchive.ietf.org/arch/browse/radext/

Group page: https://datatracker.ietf.org/group/radext/

Charter: https://datatracker.ietf.org/doc/charter-ietf-radext/

The RADIUS Extensions Working Group will focus on extensions to the
RADIUS protocol. To ensure backward compatibility with existing RADIUS
implementations, as well as compatibility between RADIUS and Diameter,
all documents produced must specify means of interoperation with legacy
RADIUS. Any non-backwards compatibility changes with existing RADIUS
RFCs, including RFCs 2865-2869, 3162, 3575, 3579, 3580, 4668-4673,4675,
5080, 5090, 5176 and 6158 must be justified. Transport profiles should
be compatible with RFC 3539, with any non-backwards compatibility changes
justified.

The WG will review its existing RFCs' document track categories and
where necessary or useful change document tracks, with minor changes in
the documents if needed.

Work Items

The immediate goals of the RADEXT working group are:

- Deprecating the use of insecure transports outside of secure
networks. This work updates RFC 6421.

- Bring RFC 6614 (RADIUS/TLS), and RFC 7360 (RADIUS/DTLS) to
Standards track.

- Define best practices for using TLS-PSK with TLS-based transport.

- Define best practices for RADIUS roaming, and roaming consortia
based on experience with RADIUS/TLS.

- Improve operations for multi-hop RADIUS networks: e.g. loop detection
and prevention, a multi-hop Status-Server equivalent with ability to
Trace the proxy steps a RADIUS message will follow.

- Extend the 8-bit RADIUS ID space to allow more than 256 "in flight"
packets across one connection.

- Allow for CoA / Disconnect packets to be sent in "reverse" down a
RADIUS/TLS or RADIUS/DTLS connection. This functionality assists with
transit of NATs.

- Defining Application-Layer Protocol Negotiation (ALPN) extensions  for
RADIUS/TLS and RADIUS/TLS
 which allow the use of those transports in a FIPS-140 compliant environment.

Timeline:

Much of this work should be completed by 2024 in order to be part of
the Wi-Fi 8 release, with products in 2026.

Milestones:

  Aug 2023 - ALPN negotiation

  Aug 2023 - reverse change of authorization (CoA)" path support for RADIUS

  Sep 2023 - TLS-PSK Best Practices

  Jan 2024 - 6614bis and 7360bis to IESG

  May 2024 - multi-hop status / traceroute,  extend 8-bit ID space


Ballot announcement

Ballot Announcement