rfc-links
RFC References — Authentication, Authorization, Network Access & Latency
This section lists foundational RFCs relevant to NAC, AAA, timing, and pre-auth traffic behavior. These documents define the protocols and architectural assumptions that directly influence latency, state handling, and enforcement reliability.
AAA, RADIUS, EAP & 802.1X
RFC 2865 — Remote Authentication Dial In User Service (RADIUS) https://datatracker.ietf.org/doc/html/rfc2865
RFC 2866 — RADIUS Accounting https://datatracker.ietf.org/doc/html/rfc2866
RFC 3579 — RADIUS Support for EAP https://datatracker.ietf.org/doc/html/rfc3579
RFC 3580 — IEEE 802.1X RADIUS Usage Guidelines https://datatracker.ietf.org/doc/html/rfc3580
RFC 3748 — Extensible Authentication Protocol (EAP) https://datatracker.ietf.org/doc/html/rfc3748
RFC 5216 — EAP-TLS Authentication Protocol https://datatracker.ietf.org/doc/html/rfc5216
Network Control, Timing & Reliability
These RFCs provide architectural guidance on latency, complexity, failure domains, and retransmission behavior, which are directly applicable to NAC control-plane design.
RFC 3439 — Some Internet Architectural Guidelines and Philosophy (Latency, complexity, failure domains) https://datatracker.ietf.org/doc/html/rfc3439
RFC 6298 — Computing TCP’s Retransmission Timer https://datatracker.ietf.org/doc/html/rfc6298
DHCP, DNS & Pre-Auth Traffic
These protocols are commonly permitted during pre-auth and therefore play a critical role in attack surface expansion under latency.
RFC 2131 — Dynamic Host Configuration Protocol (DHCP) https://datatracker.ietf.org/doc/html/rfc2131
RFC 6761 — Special-Use Domain Names https://datatracker.ietf.org/doc/html/rfc6761
Architectural Note
While these RFCs define protocol behavior, they do not guarantee security. NAC failures under latency typically arise not from protocol violations, but from:
Implicit timing assumptions
State misalignment
Enforcement that arrives after trust is granted
Protocol correctness does not imply secure composition.
Last updated