attachment
<div dir="ltr"><div>FYI - RADIUS is cleaning up its act - this will impact many users and systems.</div><div><br></div><div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <b class="gmail_sendername" dir="auto">Alan DeKok</b> <span dir="auto"><<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>></span><br>Date: Sun, Mar 24, 2024 at 2:23 PM<br>Subject: [saag] RADIUS is deprecating MD5<br>To: <<a href="mailto:saag@ietf.org">saag@ietf.org</a>><br></div><br><br> To follow up on my comments at the mic in Brisbane, the RADEXT group is working on two documents:<br>
<br>
* moving TLS to standards track: <a href="https://datatracker.ietf.org/doc/draft-rieckers-radext-rfc6614bis/" rel="noreferrer" target="_blank">https://datatracker.ietf.org/doc/draft-rieckers-radext-rfc6614bis/</a><br>
<br>
* deprecating insecure practices: <a href="https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/" rel="noreferrer" target="_blank">https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/</a><br>
<br>
We expect to submit these documents for publication around IETF 120.<br>
<br>
We will be deprecating the use of RADIUS/UDP, in large part due to it's reliance on MD5. Everyone shipping RADIUS clients should take a serious look at moving to TLS immediately.<br>
<br>
MD5 isn't getting any more secure, and there are few reasons left for staying with it.<br>
<br>
Alan DeKok.<br>
<br>
_______________________________________________<br>
saag mailing list<br>
<a href="mailto:saag@ietf.org" target="_blank">saag@ietf.org</a><br>
<a href="https://www.ietf.org/mailman/listinfo/saag" rel="noreferrer" target="_blank">https://www.ietf.org/mailman/listinfo/saag</a><br>
</div></div></div>