[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: REMINDER: RADEXT WG Last Call on "Crypto-Agility Requirements for RADIUS"
Here is text for section 4.6:
"[RFC 4107] provides guidelines for when automated key management is
necessary. At the IETF-70 meeting, and leading up to that meeting, the
RADEXT WG debated whether or not RFC 4107 would require a RADIUS
Crypto-Agility solution to feature Automated Key Management (AKM). The
working group determined that AKM was not inherently required for RADIUS
based on the following points:
o RFC 4107 requires AKM for protocols that involve O(n^2) keys. This
does not apply to RADIUS deployments, which require O(n) keys
o RADIUS does not require he encryption of large amounts of data in a
o Organizations already have operational practices to manage existing
RADIUS shared secrets to address key changes required through personnel
o The crypto agility solution can avoid use cryptographic modes of
operation such as a counter mode cipher that require frequent key
Automated key management is required for RADIUS crypto agility solutions
that use cryptographic modes of operation that require frequent key
I'm not sure what to provide for text for negotiation, because RADIUS
does not support capability negotiation.
> -----Original Message-----
> From: David B. Nelson [mailto:firstname.lastname@example.org]
> Sent: Monday, October 13, 2008 10:21 AM
> To: Joseph Salowey (jsalowey)
> Cc: email@example.com
> Subject: RE: REMINDER: RADEXT WG Last Call on "Crypto-Agility
> Requirements for RADIUS"
> > > [Joe] There is some confusion.
> > I think an example packet exchange, showing how the client
> and server
> > "negotiate" the algorithm they will mutually use would be helpful.
> > > [Joe] I'll try to provide some text by the end of the week.
> > Thanks.
> PING! :-)
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.