[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FW: Review of draft-nakhjiri-radius-mip4-01.txt
> Wrt aaa key management requirements, I'd like to
> find out more about what the problem is.
There are a number of requirements described in the document (mutual
authentication of parties, ciphersuite negotiation, "least privilege",
disclosure avoidance, key freshness). The question is: does the key
management scheme described in the document meet these requirements?
> If its a different thing, I see a lengthy process ahead, similar to what
> people went through in RFC 4004.
I guess the main question to ask is: "What's the point?"
The document states up front that solutions already exist and are widely
deployed. It describes them as "proprietary", but multiple interoperable
implementations exist, and my understanding was that the protocol was
documented in 3GPP2 standards.
If the goal is just to document and perhaps clarify existing practice, an
Informational RFC documenting the existing VSAs will be sufficient.
If the goal is actually to produce a new version that meets the bar for
consideration as an IETF Proposed Standard, then the document needs
to meet the quality bar for that designation.