RADIUS Attributes for IEEE 802 Networks
draft-ietf-radext-ieee802ext-12
Yes
(Benoît Claise)
No Objection
(Alia Atlas)
(Alissa Cooper)
(Barry Leiba)
(Brian Haberman)
(Jari Arkko)
(Joel Jaeggli)
(Martin Stiemerling)
(Pete Resnick)
(Spencer Dawkins)
Note: This ballot was opened for revision 11 and is now closed.
Benoît Claise Former IESG member
Yes
Yes
(for -11)
Unknown
Adrian Farrel Former IESG member
No Objection
No Objection
(2014-03-20 for -11)
Unknown
No objection, but surely it is time to stop "proposing" stuff. Don't you have IETF consensus and intend to publish an RFC?
Alia Atlas Former IESG member
No Objection
No Objection
(for -11)
Unknown
Alissa Cooper Former IESG member
No Objection
No Objection
(for -11)
Unknown
Barry Leiba Former IESG member
No Objection
No Objection
(for -11)
Unknown
Brian Haberman Former IESG member
No Objection
No Objection
(for -11)
Unknown
Jari Arkko Former IESG member
No Objection
No Objection
(for -11)
Unknown
Joel Jaeggli Former IESG member
No Objection
No Objection
(for -11)
Unknown
Kathleen Moriarty Former IESG member
No Objection
No Objection
(2014-03-24 for -11)
Unknown
This has a good description of radius threats in the Security Considerations section.
Martin Stiemerling Former IESG member
No Objection
No Objection
(for -11)
Unknown
Pete Resnick Former IESG member
No Objection
No Objection
(for -11)
Unknown
Spencer Dawkins Former IESG member
No Objection
No Objection
(for -11)
Unknown
Stephen Farrell Former IESG member
No Objection
No Objection
(2014-03-24 for -11)
Unknown
While this spec doesn't really change the threat model as it impacts on RADIUS, (so this is non blockng and not a discuss) it might be no harm to state that confidentiality would be a useful service to use when sending many of these (or many other) RADIUS attributes since our conception of the actual threat model (e.g. with operator networks) has evolved in the last short while. Given RADIUS/TLS is experimental and radext is not done with a DTLS scheme you probably can't simply point at a way to handle that, but even so stating that some confidential channel is strongly desirable would be usefui I think. (I'm assuming that IPsec isn't used so much, or at least not to protect the entire path over which the RADIUS message traverses.)