IETF 81 Proceedings
Introduction | Area, Working Goup & BoF Reports | Plenaries | Training | Internet Research Task Force
RADIUS EXTensions (radext) (WG)
Minutes | Audio Archives | Jabber Logs | Mailing List Archives
In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at:
Additional RADEXT Web Page
Additional information is available at tools.ietf.org/wg/radext
Chair(s):Operations and Management Area Director(s):Operations and Management Area Advisor:Technical Advisor(s): |
Meeting Slides
- IETF 81 Agenda
- RADIUS extensions for CGN configurations
- IPv6 Acess
- Fancy Accounting
- Dynamic RADIUS server discovery
- RADIUS/TLS
- rRC4282bis
- RADIUS over DTLS
- Extended attributes
- Multihop Federations
Internet-Drafts:
- Crypto-Agility Requirements for Remote Dial-In User Service (RADIUS) (0 bytes) Failed to copy /a/www/ietf-ftp/internet-drafts/draft-ietf-radext-crypto-agility-requirements-07.txt
- TLS encryption for RADIUS (0 bytes) Failed to copy /a/www/ietf-ftp/internet-drafts/draft-ietf-radext-radsec-09.txt
- RADIUS Over TCP (0 bytes) Failed to copy /a/www/ietf-ftp/internet-drafts/draft-ietf-radext-tcp-transport-09.txt
- NAI-based Dynamic Peer Discovery for RADIUS/TLS and RADIUS/DTLS (0 bytes) Failed to copy /a/www/ietf-ftp/internet-drafts/draft-ietf-radext-dynamic-discovery-03.txt
- RADIUS attributes for IPv6 Access Networks (0 bytes) Failed to copy /a/www/ietf-ftp/internet-drafts/draft-ietf-radext-ipv6-access-05.txt
- Remote Authentication Dial In User Service (RADIUS) Protocol Extensions (0 bytes) Failed to copy /a/www/ietf-ftp/internet-drafts/draft-ietf-radext-radius-extensions-02.txt
Request for Comments:
- The Network Access Identifier (RFC 4282) (34421 bytes) obsoletes RFC 2486 Failed to copy /a/www/ietf-ftp/rfc/rfc4282.txt
- Chargeable User Identity (RFC 4372) (21555 bytes) Failed to copy /a/www/ietf-ftp/rfc/rfc4372.txt
- RADIUS Extension for Digest Authentication (RFC 4590) (67181 bytes) obsoleted by RFC 5090 Failed to copy /a/www/ietf-ftp/rfc/rfc4590.txt
- RADIUS Authentication Client MIB for IPV6 (RFC 4668) (48252 bytes) obsoletes RFC 2618 Failed to copy /a/www/ietf-ftp/rfc/rfc4668.txt
- RADIUS Authentication Server MIB for IPv6 (RFC 4669) (50525 bytes) obsoletes RFC 2619 Failed to copy /a/www/ietf-ftp/rfc/rfc4669.txt
- RADIUS Accounting Server MIB for IPv6 (RFC 4671) (47694 bytes) obsoletes RFC 2621 Failed to copy /a/www/ietf-ftp/rfc/rfc4671.txt
- RADIUS Accounting Client MIB for IPv6 (RFC 4670) (44667 bytes) obsoletes RFC 2620 Failed to copy /a/www/ietf-ftp/rfc/rfc4670.txt
- RADIUS Dynamic Authorization Client MIB (RFC 4672) (50817 bytes) Failed to copy /a/www/ietf-ftp/rfc/rfc4672.txt
- RADIUS Dynamic Authorization Server MIB (RFC 4673) (47635 bytes) Failed to copy /a/www/ietf-ftp/rfc/rfc4673.txt
- RADIUS Attributes for Virtual LAN and Priority Support (RFC 4675) (29751 bytes) Failed to copy /a/www/ietf-ftp/rfc/rfc4675.txt
- RADIUS Delegated-IPv6-Prefix Attribute (RFC 4818) (12993 bytes) Failed to copy /a/www/ietf-ftp/rfc/rfc4818.txt
- RADIUS Filter Rule Attribute (RFC 4849) (18162 bytes) Failed to copy /a/www/ietf-ftp/rfc/rfc4849.txt
- Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes (RFC 5080) (64138 bytes) Updates RFC 2865,RFC 2866,RFC 2869,RFC 3579 Failed to copy /a/www/ietf-ftp/rfc/rfc5080.txt
- Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) (RFC 5176) (79541 bytes) obsoletes RFC 3576 Failed to copy /a/www/ietf-ftp/rfc/rfc5176.txt
- RADIUS Extension for Digest Authentication (RFC 5090) (68299 bytes) obsoletes RFC 4590 Failed to copy /a/www/ietf-ftp/rfc/rfc5090.txt
- Remote Authentication Dial-In User Service (RADIUS) Authorization for Network Access Server (NAS) Management (RFC 5607) (55464 bytes) Failed to copy /a/www/ietf-ftp/rfc/rfc5607.txt
- Use of Status-Server Packets in the Remote Authentication Dial In User Service (RADIUS) Protocol (RFC 5997) (55464 bytes) Updates RFC 2866 Failed to copy /a/www/ietf-ftp/rfc/rfc5997.txt
- RADIUS Design Guidelines (RFC 6158) (89319 bytes) Failed to copy /a/www/ietf-ftp/rfc/rfc6158.txt
Charter (as of 2011-09-29)
The RADIUS Extensions Working Group will focus on extensions to the
RADIUS protocol required to define extensions to the standard
attribute space as well as to address cryptographic algorithm
agility and use over new transports. In addition, RADEXT will
work on RADIUS Design Guidelines and define new attributes for
particular applications of authentication, authorization and
accounting such as NAS management and local area network (LAN) usage.
In order to enable interoperation of heterogeneous RADIUS/Diameter
deployments, all RADEXT WG work items MUST contain a Diameter
compatibility section, outlining how interoperability with
Diameter will be maintained.
Furthermore, to ensure backward compatibility with existing RADIUS
implementations, as well as compatibility between RADIUS and Diameter,
the following restrictions are imposed on extensions considered by the
RADEXT WG:
- All documents produced MUST specify means of interoperation with
legacy RADIUS and, if possible, be backward
compatible with existing RADIUS RFCs, including RFCs 2865-2869,
3162, 3575, 3579, 3580, 4668-4673,4675, 5080, 5090 and 5176.
Transport profiles should, if possible, be compatible with RFC 3539.
- All RADIUS work MUST be compatible with equivalent facilities in
Diameter. Where possible, new attributes should be defined so that
the same attribute can be used in both RADIUS and Diameter without
translation. In other cases a translation considerations
section should be included in the specification.
Work Items
The immediate goals of the RADEXT working group are to address the
following issues:
- RADIUS design guidelines. This document will provide guidelines for
design of RADIUS attributes. It will specifically consider how
complex data types may be introduced in a robust manner, maintaining
backwards compatibility with existing RADIUS RFCs, across all the
classes of attributes: Standard, Vendor-Specific and SDO-Specific.
In addition, it will review RADIUS data types and associated
backwards compatibility issues.
- RADIUS Management authorization. This document will define the
use of RADIUS for NAS management over IP.
-RADIUS attribute space extension. The standard RADIUS attribute
space is currently being depleted. This document will provide
additional standard attribute space, while maintaining backward
compatibility with existing attributes.
-RADIUS Cryptographic Algorithm Agility. RADIUS has traditionally
relied on MD5 for both per-packet integrity and authentication as well
as attribute confidentiality. Given the increasingly successful
attacks being mounted against MD5, the ability to support
alternative algorithms is required. This work item will
include documentation of RADIUS crypto-agility requirements,
as well as development of one or more Experimental RFCs providing
support for negotiation of alternative cryptographic algorithms
to protect RADIUS.
- IEEE 802 attributes. New attributes have been proposed to
support IEEE 802 standards for wired and wireless LANs. This
work item will support authentication, authorization and
accounting attributes needed by IEEE 802 groups including
IEEE 802.1, IEEE 802.11 and IEEE 802.16.
- New RADIUS transports. A reliable transport profile for
RADIUS will be developed, as well as specifications for
Secure transports, including TCP/TLS (RADSEC) and UDP/DTLS.
- Documentation of Status-Server usage. A document
describing usage of the Status-Server facility will be
developed.
Goals and Milestones:
| Done | Updates to RFC 2618-2621 RADIUS MIBs submitted for publication | |
| Done | SIP RADIUS authentication draft submitted as a Proposed Standard RFC | |
| Done | RFC 2486bis submitted as a Proposed Standard RFC | |
| Done | RFC 3576 MIBs submitted as an Informational RFC | |
| Done | RADIUS VLAN and Priority Attributes draft submitted as a Proposed Standard RFC (reduced in scope) | |
| Done | RADIUS Implementation Issues and Fixes draft submitted as an Informational RFC | |
| Done | RADIUS Filtering Attributes draft submitted as a Proposed Standard RFC (split out from VLAN & Priority draft) | |
| Done | RFC 3576bis submitted as an Informational RFC (split out from Issues & Fixes draft) | |
| Done | RADIUS Redirection Attributes draft submitted as a Proposed Standard RFC (split out from VLAN & Priority draft) | |
| Done | RADIUS Design Guidelines submitted as a Best Current Practice RFC | |
| Done | RADIUS Management Authorization I-D submitted as a Proposed Standard RFC | |
| Done | Reliable Transport Profile for RADIUS I-D submitted as a Proposed Standard RFC | |
| Done | Status-Server I-D submitted as a Proposed Standard RFC | |
| Dec 2010 | IPv6 Access I-D submitted as a Proposed Standard RFC | |
| Mar 2011 | RADIUS over DTLS I-D submitted as an Experimental RFC | |
| Mar 2011 | RADSEC (RADIUS over TCP/TLS) draft submitted as an Experimental RFC | |
| Mar 2011 | RADIUS Crypto-agility Requirements submitted as an Informational RFC | |
| Jun 2011 | Extended Attributes I-D submitted as a Proposed Standard RFC | |
| Oct 2011 | IEEE 802 Attributes I-D submitted as a Proposed Standard RFC | |
| Oct 2011 | Dynamic Discovery I-D submitted as a Proposed Standard RFC |
Home - Tools
Team - Datatracker - Web Site Usage Statistics - IASA - IAB - RFC Editor - IANA - IRTF - IETF Trust - ISOC - Store - Contact Us
Secretariat services provided by Association Management Solutions, LLC (AMS).
Please send problem reports to: ietf-action@ietf.org.