[{"author": "Alan DeKok", "text": "<p>Apologies to Christopher to making him look at 1993 era technology :(</p>", "time": "2026-03-19T08:31:12.000Z"}, {"author": "Paul Wouters", "text": "<p>tacaccs?</p>", "time": "2026-03-19T08:31:43.000Z"}, {"author": "Alexander Clouter", "text": "<p>could be worse, could be from 2026 :)</p>", "time": "2026-03-19T08:31:47.000Z"}, {"author": "Alan DeKok", "text": "<p>tacacs is 1997.  so a new comer!</p>", "time": "2026-03-19T08:32:00.000Z"}, {"author": "Margaret Cullen", "text": "<p>RADIUS: 30 years old and still going strong!</p>", "time": "2026-03-19T08:32:08.000Z"}, {"author": "Alan DeKok", "text": "<p>if there's controversy, it's more important to get the document published than to address 30 year-old issues.  Just a sentence on \"PMTU is hard, be aware of it\"</p>", "time": "2026-03-19T08:46:26.000Z"}, {"author": "Paul Wouters", "text": "<p>hard to hear you valery</p>", "time": "2026-03-19T08:47:13.000Z"}, {"author": "Paul Wouters", "text": "<p>yeah i dont think that is needed</p>", "time": "2026-03-19T08:48:35.000Z"}, {"author": "Paul Wouters", "text": "<p>yes what margaret says</p>", "time": "2026-03-19T08:49:38.000Z"}, {"author": "Valery Smyslov", "text": "<p>@Paul: Should I speak loudly?</p>", "time": "2026-03-19T08:52:03.000Z"}, {"author": "Margaret Cullen", "text": "<p>I agree with Chris and Paul. There is no need for any changes that would invalidate existing implementions or change anything that is sent over the \"wire\".</p>", "time": "2026-03-19T08:52:28.000Z"}, {"author": "Margaret Cullen", "text": "<p>Should we talk to the EMU group about deprecathing EAP-PAP and EAP-MSCHAP?</p>", "time": "2026-03-19T09:03:26.000Z"}, {"author": "Alan DeKok", "text": "<p>EAP-MSCHAP is an expired I-D.  :(</p>\n<p>CHAP and MS-CHAP are safe when used inside of a tunnel, e.g. TTLS or PEAP.  TTLS is informational, and PEAP is an expired I-D.</p>", "time": "2026-03-19T09:04:22.000Z"}, {"author": "Margaret Cullen", "text": "<p>PEAP is an expired ID, but it is also (by far) the most widely used EAP method in US eduroam... :0(</p>", "time": "2026-03-19T09:06:35.000Z"}, {"author": "Heikki Vatiainen", "text": "<p>A document that says the various CHAPs shouldn't be used would also be useful because CHAP especially doesn't allow password hashes on the authentication server side.</p>", "time": "2026-03-19T09:06:37.000Z"}, {"author": "Margaret Cullen", "text": "<p>I wonder if we should formally deprecate using MS-CHAP and PAP outside of seure EAP tunnels?  Specifically because we don't want anyone to decide they would be safe to use in RadSec?</p>", "time": "2026-03-19T09:08:13.000Z"}, {"author": "Christian Giese", "text": "<p>I like more the statement to consider CHAP as insecure as plaintext, but it will continued to be used for CPE interoperability. So would not say depreciated or should not be used.</p>", "time": "2026-03-19T09:09:14.000Z"}, {"author": "Christopher Inacio", "text": "<p>he hasn't</p>\n<p>but he knows Paul's contact info</p>", "time": "2026-03-19T09:09:14.000Z"}, {"author": "Paul Wouters", "text": "<p>yes Chris will need to continue the recharter process</p>", "time": "2026-03-19T09:09:50.000Z"}, {"author": "Paul Wouters", "text": "<p>Deb and I will help him pressing the right buttons</p>", "time": "2026-03-19T09:10:33.000Z"}, {"author": "Alan DeKok", "text": "<p>@christian - I think the security reviews will raise a red flag if we don't deprecate something which sends clear-text passwords across the internet</p>", "time": "2026-03-19T09:17:35.000Z"}, {"author": "Alan DeKok", "text": "<p>so the document really needs to deprecate CHAP.  CPEs can still use it for historical reasons, of course.  a \"deprecation\" statement does not forbid people from continuing with existing practices</p>", "time": "2026-03-19T09:18:29.000Z"}, {"author": "Christian Giese", "text": "<p>I'm just looking from a point of view from maybe hundreds of millions of PPPoE based CPE devices for broadband access using PAP and CHAP.</p>", "time": "2026-03-19T09:18:53.000Z"}, {"author": "Paul Wouters", "text": "<p>thanks for the meeting. i will go sleep now :)</p>", "time": "2026-03-19T09:21:39.000Z"}, {"author": "Paul Wouters", "text": "<p>also lack of sleep :)</p>", "time": "2026-03-19T09:21:48.000Z"}, {"author": "Alan DeKok", "text": "<p>yes.  Like the BlastRADIUS issue, a lot of people went \"meh, we'll eventually address that\".</p>\n<p>The goal of the document is really to highlight the security issues, and to encourage people to move to secure practices</p>", "time": "2026-03-19T09:21:58.000Z"}, {"author": "Heikki Vatiainen", "text": "<p>The CHAP variants don't allow storing strong password hashes. A document that points out this too would be useful</p>", "time": "2026-03-19T09:23:10.000Z"}, {"author": "Alan DeKok", "text": "<p>the \"review RADIUS\" document has a long section about data storage and CHAP vs PAP</p>", "time": "2026-03-19T09:23:38.000Z"}, {"author": "Heikki Vatiainen", "text": "<p>That's good</p>", "time": "2026-03-19T09:24:05.000Z"}, {"author": "Alan DeKok", "text": "<p>in part to address the many, many, nonsensical pages on the net which claim \"CHAP is more secure than PAP\".  which are all based in the same ~1997 era article</p>", "time": "2026-03-19T09:26:40.000Z"}, {"author": "Margaret Cullen", "text": "<p>Thank you, everyone!</p>", "time": "2026-03-19T09:29:34.000Z"}, {"author": "Paul Wouters", "text": "<p>thanks and goodnight!</p>", "time": "2026-03-19T09:29:37.000Z"}, {"author": "Alan DeKok", "text": "<p>thanks everyone</p>", "time": "2026-03-19T09:30:45.000Z"}, {"author": "Margaret Cullen", "text": "<p>Inside RadSec isn't secure unless you have a closed network and know it won't be tunnelled to RADIUS/UDP</p>", "time": "2026-03-19T09:30:54.000Z"}, {"author": "Alan DeKok", "text": "<p>yup.  :(</p>", "time": "2026-03-19T09:31:03.000Z"}, {"author": "Joey Padden", "text": "<p>thanks everyone. my first radext meeting. Very productive.</p>", "time": "2026-03-19T09:31:14.000Z"}, {"author": "Margaret Cullen", "text": "<p>Welcome, Joey!</p>", "time": "2026-03-19T09:31:26.000Z"}, {"author": "Heikki Vatiainen", "text": "<p>Hello Joey, thanks!</p>", "time": "2026-03-19T09:31:31.000Z"}]