[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Progress on RADIUS Extension for Digest Authentication



> Doesn't this draft
> http://www.ietf.org/internet-drafts/draft-zorn-radius-keywrap-01.txt
> solve your problem?

I believe that Section 3.2 of this document does provide for the
following:

a. Integrity protection and authentication of messages.
b. Multiple algorithm support (HMAC-MD5 & HMAC-SHA1 for starters)

My reason for suggesting that the WG consider this is that the Security
ADs have expressed concern about MD5 usage in new documents.  In addition,
NIST is likely to require a FIPS-approved MAC such as HMAC-SHA1 for FIPS
certification.  So I think that RADEXT WG will eventually need something
along these lines.  So why not bite the bullet now?

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>