
Crypto-agility requirements: Hop-by-hop vs. end-to-end (from Issue 303)




Hop-by-hop/end-to-end:

The document currently considers only "hop-by-hop" security
mechanisms, not any "end-to-end" protection (across proxies). I think
this is OK and perfectly reasonable -- but the document should say this,
and explain what this means for interpreting RFC 4962.

Much of RFC 4962 is open to multiple interpretations, and some parts
of it can be read as requiring more than hop-by-hop security. IMHO
exactly the same parts can also be read as saying hop-by-hop can be
sufficient (when done properly), and I think this document should
explicitly say it's interpreting 4962 the latter way. (And once the
document has this explanation, you might want to run it by some other
ADs, too -- e.g. Tim and Russ.)