IETF 125, Shenzhen

Thursday, March 19, 2026, 16:30 - 18:00 CST (8:30 - 10:00 GMT/UTC)

Chairs: Margaret Cullen
Valery Smyslov

Note takers: Christian Giese

Administrivia and WG Status: (Chairs, 5 min)

(Datagram) Transport Layer Security (D)TLS Encryption for RADIUS (Janfred, 20 min)

draft-ietf-radext-radiusdtls-bis

Deprecating Insecure Practices in RADIUS (Alan, 5 min)

draft-ietf-radext-deprecating-radius

A Review of RADIUS Security and Privacy (Alan, 10 min)

draft-dekok-radext-review-radius

A syntax for the RADIUS Connect-Info attribute used in Wi-Fi networks (Mark, 10 min)

draft-grayson-connectinfo

Proxy Best Practices for the Remote Authentication Dial In User Service (RADIUS) Protocol (Alan, 10 min)

draft-dekok-proxy-bcp

Standardising Protocol-Error (Alan, 10 min)

draft-dekok-protocol-error

Closing: (Chairs, 5 min)

Auto-generated minutes

(https://ietfminutes.org/minutes/ietf125/radext.html)

Session Date/Time: 19 Mar 2026 08:30

Summary

The RADEXT working group met at IETF 125 to discuss the progress of the
RADIUS/(D)TLS-bis (RadSec) specification through the IESG review
process, the deprecation of insecure RADIUS practices, and several new
initiatives awaiting a formal rechartering of the group. Key topics
included addressing IESG "DISCUSS" comments on RadSec, technical
strategies for rate-limiting unauthenticated RADIUS traffic, and the
security implications of legacy authentication methods like CHAP and
MS-CHAP in modern networks.

Key Discussion Points

RADIUS/(D)TLS-bis (RadSec) Status

Presenter: Jan-Frederik Rieckers
Slides: Update on RADIUS/(D)TLS-bis (RadSec)

Deprecating Insecure Practices in RADIUS

Presenter: Alan DeKok
Draft: draft-ietf-radext-deprecating-radius
Slides: Deprecating Insecure Practices

Review of RADIUS Security

Presenter: Alan DeKok
Slides: Review of RADIUS Security

RADIUS Connect-Info and WBA Integration

Presenter: Mark Grayson
Slides: Connect-Info radext IETF 125

Protocol-Error and Proxy BCP

Presenter: Alan DeKok
Slides: Protocol-Error / Proxy BCP

Decisions and Action Items

Next Steps

  1. Finalize RadSec addresses for IESG clearance.
  2. Issue Working Group Last Call (WGLC) for
    draft-ietf-radext-deprecating-radius following its next update.
  3. Initiate adoption calls for WBA Connect-Info and Protocol-Error
    drafts once the recharter is approved (expected by late April).
  4. Develop further content for the Proxy BCP draft.