RE: Continued discussion of RADIUS Crypto-Agility
Yes, at the same time Working Group meetings and mail lists can discuss
items that are candidates for future work. This includes items that do
not belong strictly within a current charter, but may become part of an
extended charter later.
We can certainly entertain a discussion of whether RADSEC is appropriate as
a RADEXT WG work item. However, I am not entirely clear that this question
is relevant to the current crypto-agility discussion (although I'm certainly
willing to be convinced otherwise).
For practical reasons, the discussion has primarily centered on mechanisms
applying to the RADIUS protocol as defined in RFC 2865. Virtually all
RADIUS implementations today are based on UDP, and this is likely to remain
the case for the foreseeable future. Therefore, unless we think it is likely
that RADIUS will migrate to TCP transport *exclusively*, then a
crypto-agility solution needs to be provided for UDP transport as well. As
a result, RADSEC cannot be considered a solution to the RADIUS
crypto-agility problem as currently posed, though perhaps a combination of
DTLS and RADSEC could qualify.