Markdown Version | Session Recording

Session Date/Time: 04 Nov 2024 17:30

radext

Summary

The radext working group meeting covered updates on several drafts, including "Deprecating Insecure Practices", "TLSPSK", "radius 1-1", and "radius DTLS". Discussions focused on last call readiness, potential issues with resumption in TLSPSK, interoperability testing for radius 1-1, the length and structure of the "Deprecating Insecure Practices" document, and security concerns related to the "radius DTLS" draft, specifically regarding selfie loop attacks and DTLS record handling. The group also discussed a new draft on a syntax for radius connect info. Finally they discussed work on radius attributes for NSEP.

Key Discussion Points

• Deprecating Insecure Practices:
  • Clarifications made after IETF 120.
  • Discussion on sending the document to working group last call.
  • Length of the draft and suggestions to shorten it by moving explanations to an appendix.
  • Discussion of whether it should be a BCP or standards track document.
• radius TLSPSK:
  • Submitted to the IESG for publication; currently in ID follow-up.
  • Clarification needed regarding session resumption.
  • Need to check with AD if changes are substantive.
• radius 1-1:
  • Submitted to the RFC editor.
  • Initial attempts at interoperability testing.
  • Plans for further testing and demonstrating multiple interoperable implementations.
• radius DTLS:
  • Discussion on proxying and load balancing being out of scope.
  • Dealing with unwanted accounting packets on the same port.
  • Security considerations regarding "selfie loop" attacks and potential countermeasures including using status server message.
  • Explicit specification on how radius packets are put into TLS records.
  • Clarification on handling of UDP fragmentation and DTLS records.
• Syntax for radius connect info:
  • Defining a consistent framework for sharing visibility of Wi-Fi network metrics.
  • Defining a syntax for existing Connect info, leveraging key-value pairs.
  • Discussions regarding handling of algorithm variations for metrics between implementations.
  • Need to ensure proper coordination with WBA.
• Radius Attributes for NSEP (National Security and Emergency Preparedness services):
  • Discussion on priority services for Wi-Fi networks.
  • Goal to extend these services to Wi-Fi.
  • Authorizing agent interface.

Decisions and Action Items

• Deprecating Insecure Practices: The working group will proceed with a working group last call.
• radius TLSPSK: Alan will summarize the discussions on the mailing list and propose changes. The AD will be consulted on whether the changes are substantive enough to require a new working group last call.
• radius DTLS: Janfred will incorporate the reviews from interim and IETF meetings. Focus on DTLS record handling and selfie loop mitigation.
• radius DTLS: Plan for an interim meeting in the February timeframe to work through open issues.
• Syntax for radius connect info: Contact WBA for coordination.
• Radius Attributes for NSEP: Publish the draft before further discussion.

Next Steps

• Alan to work on radius TLSPSK changes and consult with the AD.
• Janfred to continue work on radius DTLS and incorporate feedback.
• Schedule an interim meeting for radius DTLS in February.
• Mark and authors of radius connect info to coordinate with WBA.
• Authors of Radius Attributes for NSEP to publish draft.