RADIUS Extension for Digest Authentication
draft-ietf-radext-rfc4590bis-02

Document history

Date Rev. By Action
2020-01-21
02 (System) Received changes through RFC Editor sync (added Verified Errata tag)
2017-05-16
02 (System) Changed document authors from "Baruch Sterman" to "Baruch Sterman, Daniel Sadolevsky, Wolfgang Beck, David Schwartz, David Williams"
2015-10-14
02 (System) Notify list changed from radext-chairs@ietf.org to (None)
2008-02-29
02 Amy Vezza State Changes to RFC Published from RFC Ed Queue by Amy Vezza
2008-02-29
02 Amy Vezza [Note]: 'RFC 5090' added by Amy Vezza
2008-02-14
02 (System) RFC published
2007-08-29
02 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2007-08-28
02 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2007-08-28
02 (System) IANA Action state changed to In Progress from Waiting on Authors
2007-08-26
02 (System) IANA Action state changed to Waiting on Authors from In Progress
2007-08-26
02 (System) IANA Action state changed to In Progress
2007-08-24
02 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2007-08-23
02 Amy Vezza IESG state changed to Approved-announcement sent
2007-08-23
02 Amy Vezza IESG has approved the document
2007-08-23
02 Amy Vezza Closed "Approve" ballot
2007-07-08
02 Dan Romascanu Note field has been cleared by Dan Romascanu
2007-07-08
02 Dan Romascanu
id-nits shows the following warnings that may need to be clarified in a note to the RFC editor:

idnits 2.04.10

tmp/draft-ietf-radext-rfc4590bis-02.txt(1267): Found possible IPv4 address '192.168.2.38' in position 24; this doesn't match RFC3330's suggested 192.0.2.0/24 address range.
tmp/draft-ietf-radext-rfc4590bis-02.txt(1324): Found possible IPv4 address '192.168.2.38' in position 24; this doesn't match RFC3330's suggested 192.0.2.0/24 address range.
tmp/draft-ietf-radext-rfc4590bis-02.txt(1382): Found possible IPv4 address '192.168.2.38' in position 24; this doesn't match RFC3330's suggested 192.0.2.0/24 address range.
tmp/draft-ietf-radext-rfc4590bis-02.txt(1430): Found possible IPv4 address '192.168.2.38' in position 24; this doesn't match RFC3330's suggested 192.0.2.0/24 address range.


  Checking nits according to http://www.ietf.org/ID-Checklist.html:
  ----------------------------------------------------------------------------

  == There are 4 instances of lines with private range IPv4 addresses in the
    document.  If these are generic example addresses, they should be changed
    to use the 192.0.2.x range defined in RFC 3330.
2007-07-08
02 Dan Romascanu
id-nits shows the following warnings:

idnits 2.04.10

tmp/draft-ietf-radext-rfc4590bis-02.txt(1267): Found possible IPv4 address '192.168.2.38' in position 24; this doesn't match RFC3330's suggested 192.0.2.0/24 address range.
tmp/draft-ietf-radext-rfc4590bis-02.txt(1324): Found possible IPv4 address '192.168.2.38' in position 24; this doesn't match RFC3330's suggested 192.0.2.0/24 address range.
tmp/draft-ietf-radext-rfc4590bis-02.txt(1382): Found possible IPv4 address '192.168.2.38' in position 24; this doesn't match RFC3330's suggested 192.0.2.0/24 address range.
tmp/draft-ietf-radext-rfc4590bis-02.txt(1430): Found possible IPv4 address '192.168.2.38' in position 24; this doesn't match RFC3330's suggested 192.0.2.0/24 address range.


  Checking nits according to http://www.ietf.org/ID-Checklist.html:
  ----------------------------------------------------------------------------

  == There are 4 instances of lines with private range IPv4 addresses in the
    document.  If these are generic example addresses, they should be changed
    to use the 192.0.2.x range defined in RFC 3330.
2007-07-08
02 Dan Romascanu State Changes to Approved-announcement to be sent::Point Raised - writeup needed from Approved-announcement to be sent by Dan Romascanu
2007-07-08
02 Dan Romascanu State Changes to Approved-announcement to be sent from Approved-announcement to be sent::Point Raised - writeup needed by Dan Romascanu
2007-07-06
02 (System) Removed from agenda for telechat - 2007-07-05
2007-07-05
02 Amy Vezza State Changes to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation by Amy Vezza
2007-07-05
02 (System) New version available: draft-ietf-radext-rfc4590bis-02.txt
2007-07-05
02 Sam Hartman [Ballot Position Update] New position, No Objection, has been recorded by Sam Hartman
2007-07-05
02 Mark Townsley [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley
2007-07-05
02 Jon Peterson [Ballot Position Update] New position, No Objection, has been recorded by Jon Peterson
2007-07-05
02 Cullen Jennings [Ballot Position Update] Position for Cullen Jennings has been changed to No Objection from Discuss by Cullen Jennings
2007-07-05
02 Cullen Jennings [Ballot discuss]
2007-07-04
02 Cullen Jennings
[Ballot discuss]
This is a discuss discuss.

This document has basically only very trivial changes since the previous version. I would like to talk about the expense of doing errata this way and if we as the IESG are willing to have errata run through as complete revisions of the document.

I would prefer to see the changes in this document published as an errata.
2007-07-04
02 Cullen Jennings [Ballot Position Update] Position for Cullen Jennings has been changed to Discuss from No Objection by Cullen Jennings
2007-07-04
02 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2007-07-04
02 Lisa Dusseault [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault
2007-07-04
02 Chris Newman
[Ballot comment]
Might want to make sure IANA knows to update the RADIUS registry entries
for these parameters to refer to the new RFC when it's published.  The
IANA considerations section didn't say that explicitly.

I question whether RADIUS over IPsec will deploy as widely as HTTPS/SIPS
has.  This makes me wonder if IPsec is an adequate answer to protect
these exchanges, especially given a simple passive eavesdrop of H(A1)
leaves that user's account completely compromised in that realm.
2007-07-04
02 Chris Newman [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman
2007-07-03
02 David Ward [Ballot Position Update] New position, No Objection, has been recorded by David Ward
2007-07-03
02 Jari Arkko [Ballot comment]
I verified diffs to RFC 4590 too. Everything looks good.
2007-07-03
02 Jari Arkko [Ballot comment]
I verified diffs to RFC 4590 too. Everything looks good.
2007-07-03
02 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded by Jari Arkko
2007-07-02
02 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2007-07-02
02 Tim Polk [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk
2007-07-02
02 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2007-07-02
02 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2007-07-02
02 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2007-06-28
02 Dan Romascanu
[Note]: 'A revised version of non-normative Section 6 (Examples) will be provided in order to fix problems detected during the Last Call.' added by Dan Romascanu
2007-06-26
02 Dan Romascanu State Changes to IESG Evaluation from Waiting for Writeup by Dan Romascanu
2007-06-26
02 Dan Romascanu Placed on agenda for telechat - 2007-07-05 by Dan Romascanu
2007-06-26
02 Dan Romascanu [Ballot Position Update] New position, Yes, has been recorded for Dan Romascanu
2007-06-26
02 Dan Romascanu Ballot has been issued by Dan Romascanu
2007-06-26
02 Dan Romascanu Created "Approve" ballot
2007-06-07
02 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Stefan Santesson.
2007-05-29
02 (System) State has been changed to Waiting for Writeup from In Last Call by system
2007-05-21
02 Yoshiko Fong
IANA Last Call Comments:

This document asks IANA to make assignments that were
already made in RFC4590. Are there any changes requested
by this document?
2007-05-17
02 Samuel Weiler Request for Last Call review by SECDIR is assigned to Stefan Santesson
2007-05-17
02 Samuel Weiler Request for Last Call review by SECDIR is assigned to Stefan Santesson
2007-05-15
02 Amy Vezza Last call sent
2007-05-15
02 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2007-05-15
02 Dan Romascanu State Changes to Last Call Requested from Publication Requested by Dan Romascanu
2007-05-15
02 Dan Romascanu Last Call was requested by Dan Romascanu
2007-05-15
02 (System) Ballot writeup text was added
2007-05-15
02 (System) Last call text was added
2007-05-15
02 (System) Ballot approval text was added
2007-04-09
02 Dinara Suleymanova
PROTO Write-up

(1.a) Who is the Document Shepherd for this document? Has the Document
Shepherd personally reviewed this version of the document and, in
particular, does he or she believe this version is ready for forwarding
to the IESG for publication?

Document Shepherd: Bernard Aboba
I have personally reviewed the document.

(1.b) Has the document had adequate review from both key WG members and
key non-WG members? Does the Document Shepherd have any concerns
about the depth or breadth of the reviews that have been performed?

Yes. This document has been through a WG last call.

(1.c) Does the Document Shepherd have concerns that the document needs
more review from a particular or broader perspective e.g., security,
operational complexity, someone familiar with AAA, internationalization
or XML?

This document includes some fixes to RFC 4590, which was discovered to
contain IANA errors after publication. These problems were fixed along
with a few other errata. So this document has already received extensive
review in the relatively recent past.

(1.d) Does the Document Shepherd have any specific concerns or issues with
this document that the Responsible Area Director and/or the IESG should be
aware of?

For example, perhaps he or she is uncomfortable with certain parts of the
document, or has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated that it still
wishes to advance the document, detail those concerns here. Has an IPR
disclosure related to this document been filed? If so, please include a
reference to the disclosure and summarize the WG discussion and conclusion
on this issue.

No concerns.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with
it?

There is solid consensus behind this document, as there was behind
RFC 4590.

The issues raised and the resolutions are available for inspection at
http://www.drizzle.com/~aboba/RADEXT/

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate email
messages to the Responsible Area Director. (It should be in a separate
email because this questionnaire is entered into the ID Tracker.)

No.

(1.g) Has the Document Shepherd personally verified that the document
satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough;
this check needs to be thorough. Has the document met all formal review
criteria it needs to, such as the MIB Doctor, media type and URI type
reviews?

Yes. An output of the run on this revision of the ID by the online nits
checker:

idnits 2.04.05

tmp/draft-ietf-radext-rfc4590bis-01.txt:
tmp/draft-ietf-radext-rfc4590bis-01.txt(1132): Found possible IPv4 address '3.2.2.2' in position 64; this doesn't match RFC3330's suggested 192.0.2.0/24 address range.

[BA] 3.2.2.2 is a section header, not an address.

Checking boilerplate required by RFC 3978 and 3979, updated by RFC 4748:

----------------------------------------------------------------------------

No issues found here.

Checking nits according to http://www.ietf.org/ietf/1id-guidelines.txt:

----------------------------------------------------------------------------

** Missing expiration date. The document expiration date should appear on
the first and last page.

Checking nits according to http://www.ietf.org/ID-Checklist.html:

----------------------------------------------------------------------------

** There are 1 instance of lines with non-RFC3330-compliant IPv4 addresses
in the document. If these are example addresses, they should be changed.

[BA] They are not example addresses.

Miscellaneous warnings:

----------------------------------------------------------------------------

No issues found here.

Checking references for intended status: Proposed Standard

----------------------------------------------------------------------------

-- Looks like a reference, but probably isn't: '4' on line 1008
'0-1 0 0 1 0 24 State [4]...'

-- Looks like a reference, but probably isn't: '1' on line 1028
'0 0-1 0 0 0 121 Digest-HA1 [1][2]...'

-- Looks like a reference, but probably isn't: '2' on line 1028
'0 0-1 0 0 0 121 Digest-HA1 [1][2]...'

-- Looks like a reference, but probably isn't: '3' on line 1018
'0-1 0 0 0-1 0-1 111 Digest-Algorithm [3]...'

== Missing Reference: 'Note 1' is mentioned on line 1039, but not defined
'[Note 1] Digest-HA1 MUST be used instead of Digest-Response-Auth...'

-- Possible downref: Undefined Non-RFC (?) reference : ref. 'Note 1'

== Missing Reference: 'Note 2' is mentioned on line 1042, but not defined
'[Note 2] Digest-Response-Auth MUST be used instead of Digest-HA1...'

-- Possible downref: Undefined Non-RFC (?) reference : ref. 'Note 2'

== Missing Reference: 'Note 3' is mentioned on line 1045, but not defined
'[Note 3] If Digest-Algorithm is missing, 'MD5' is assumed....'

-- Possible downref: Undefined Non-RFC (?) reference : ref. 'Note 3'

== Missing Reference: 'Note 4' is mentioned on line 1047, but not defined
'[Note 4] An Access-Challenge MUST contain a State attribute, whic...'

-- Possible downref: Undefined Non-RFC (?) reference : ref. 'Note 4'

** Downref: Normative reference to an Informational RFC: RFC 3579

-- Obsolete informational reference (is this intentional?): RFC 2069
(Obsoleted by RFC 2617)

[BA] This is intentional.

Summary: 3 errors (**), 4 warnings (==), 9 comments (--).

(1.h) Has the document split its references into normative and informative?
Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the strategy for their completion? Are there
normative references that are downward references, as described in
[RFC3967]? If so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

The document splits normative and informative references.
There are no normative references to IDs.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body of the
document? If the document specifies protocol extensions, are reservations
requested in appropriate IANA registries? Are the IANA registries clearly
identified? If the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation procedure for
future registrations? Does it suggest a reasonable name for the new
registry? See [RFC2434]. If the document describes an Expert Review
process has Shepherd conferred with the Responsible Area Director so
that the IESG can appoint the needed Expert during the IESG Evaluation?

I have verified that the IANA consideration exists and is consistent with
the body of the document. The inconsistency in RFC 4590 was the reason why
this document needed to be produced.

(1.j) Has the Document Shepherd verified that sections of the document that
are written in a formal language, such as XML code, BNF rules, MIB
definitions, etc., validate correctly in an automated checker?

This document does not contain sections written in a formal language.

(1.k) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up? Recent
examples can be found in the "Action" announcements for approved documents.
The approval announcement contains the following sections:

- Technical Summary

This document defines an extension to the Remote Authentication
Dial-In User Service (RADIUS) protocol to enable support of Digest
Authentication, for use with HTTP-style protocols like the Session
Initiation Protocol (SIP) and HTTP.

- Working Group Summary

Working Group discussion largely centered on whether the issues
identified in RFC 4590 could be fixed via an errata or whether
a new RFC was required. Due to conflicts between the RFC 4590 text
and the parameters allocated by IANA, it was decided that a new
RFC would be needed, so as to avoid potential interoperability
problems.

- Document Quality

This document is needed to address a problem in the IANA allocations for
Digest Authentication as well as several errata that were found after the
publication of RFC 4590. At this point, we believe that RFC 4590bis
addresses all issues raised since the publication of RFC 4590.

- Personnel

Bernard Aboba is the document shepherd. The responsible Area Director is
Dan Romascanu. No IANA expert is needed.
2007-04-09
02 Dinara Suleymanova Draft Added by Dinara Suleymanova in state Publication Requested
2007-03-22
01 (System) New version available: draft-ietf-radext-rfc4590bis-01.txt
2007-01-02
00 (System) New version available: draft-ietf-radext-rfc4590bis-00.txt