Presumably, a crypto-agility solution would provide authentication/integrity protection for every packet, including Access-Requests. |
However, this would still allow an Access-Request to be replayed.
RFC 5176 Section 6.3 has a discussion of replay protection, which would seem to apply here. Basically, that section talks about either using transmission layer security for replay protection, or including an Event-Timestamp attribute.
IMHO, one way to address this portion of Pasi's review would be to require that solutions support replay-protection for every packet.
Subject: Crypto-agility requirements: Replay protection concern
Date: Sun, 28 Jun 2009 13:59:48 -0700