Finalizing RADEXT will standardize secure RADIUS authentication across the industry, guiding vendor implementations and enhancing network security while setting the stage for future quantum‑resistant extensions.
The interim IETF meeting focused on the RADIUS Extensions (RADEXT) draft, which has passed last call and is slated for a March 5 telechat before moving to the RFC editor. Participants reviewed remaining GitHub issues, clarified procedural steps, and confirmed that the document is in its final polishing stage.

Key technical decisions emerged: zero‑RTT is now explicitly prohibited because its limited benefit does not outweigh replay‑attack concerns, and the term “configured trust base” remains undefined, inviting community input. The group debated whether to mandate ALPN support; the vote favored a non‑mandatory recommendation, with implementers cautioning about legacy compatibility. Additionally, a proposal to introduce a hybrid X509‑PSK trust model was raised as a potential quantum‑resistant path.

Russ Housley’s review highlighted the zero‑RTT change and the need for a clear definition of configured trust base. Implementers voiced practical concerns: some already have ALPN flags in code, others warned that mandating it could break older deployments. A quick poll showed no consensus for a mandatory ALPN clause, reinforcing the decision to keep it optional but encouraged.

The outcomes shape the forthcoming RFC: prohibiting zero‑RTT tightens security, while the optional ALPN language balances forward‑looking features with backward compatibility. The quantum‑safe X509‑PSK suggestion signals future work, and the remaining GitHub issues must be resolved before editorial submission, influencing timelines for vendors and network operators planning to adopt the new extensions.