On Mar 15, 2023, at 3:57 PM, Paul Wouters <paul.wouters=40aiven...@dmarc.ietf.org> wrote: > > Yes it is superior but because you say you are targeting that, it makes the > radius setups without TLS or IPsec out of scope and I think that’s wrong.
Perhaps it's best to just delete that sentence? These options should be secured by RADIUS, and used in environments where RADIUS is (allegedly) secure. This means IPSec / TLS / management networks. If RADIUS administrators want to send insecure UDP packets over the wider Internet, then there's a lot more information than this which will get leaked. Alan DeKok. _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
