[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Continued discussion of RADIUS Crypto-Agility
Leif Johansson writes...
> Another thing that bothers me is the direct reference to AES.
> Introducing a dependency on any one algorithm does not
> constitute agility in any sense of the word. The point (imho) is
> not to demonstrate how much we trust AES today but to make
> sure radius doesn't have to go through this again when AES
> needs replacing.
The keywrap draft was originally created for the purpose of obtaining
FIPS-140 certification of an 802.11 WLAN solution. It pre-dates the RADEXT
The fact that it contains cipher-suite identifiers means that it can be
considered in the more general sense for crypto-agility. As I said in my
last post in this thread, we really need to consider the encrypted
attributes draft together with the keywrap draft to meet the RADEXT
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.