
RE: Issue 282: cipher suites, discussion needed



Joseph Salowey [mailto:jsalowey@cisco.com] writes:

> You could just leave this to the TLS specification.  For version 1.0
> and 1.1 it is TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA and for 1.2 it is
> TLS_RSA_WITH_AES_128_CBC_SHA.   If it is common today for
> implementations also to implement the RC4 ciphers you can have that as
> a recommendation as well.  Something like:
> 
> "RADSEC implementation MUST support the mandatory to implement cipher
> suites specified in TLS.  For purposes of compatibility with some
> current deployments implementations SHOULD support
> TLS_RSA_WITH_RC4_128_SHA as well."

Seems like a good idea to me.

> 
> Cheers,
> 
> Joe
> 
> > -----Original Message-----
> > From: Stefan Winter [mailto:stefan.winter@restena.lu]
> > Sent: Wednesday, February 11, 2009 1:13 AM
> > To: Joseph Salowey (jsalowey)
> > Cc: radiusext@ops.ietf.org
> > Subject: Issue 282: cipher suites, discussion needed
> >
> > Hi,
> >
> > > 3.  I'm not sure I understand the choice of ciphersuites.
> > >
> > > Why is TLS_RSA_WITH_RC4_128_SHA recommended?  It seems that
> > it would
> > > be much preferable to use AES or 3DES?
> > >
> >
> > I could use a little help here. Is there anyone willing to
> > investigate cipher suite selection? An alternative would be
> > to follow the path of e.g. the EAP tunnel reqs, which cite
> > NIST references for acceptable cipher suites...
> >
> > Greetings,
> >
> > Stefan Winter
> >
> > --
> > Stefan WINTER
> > Ingenieur de Recherche
> > Fondation RESTENA - Réseau Téléinformatique de l'Education
> > Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi
> > L-1359 Luxembourg
> >
> > Tel: +352 424409 1
> > Fax: +352 422473
> >
> >
> 
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>

