Re: Crypto-agility work item

["Alan DeKok" <aland@ox.org>]

...
> Are there others I've overlooked?

$ grep encrypt= freeradius/share/dictionary* | sed ....

User-Password				2	string encrypt=1
Tunnel-Password				69	string	has_tag,encrypt=2
MS-CHAP-MPPE-Keys			12	octets  encrypt=1
MS-MPPE-Send-Key			16	octets	encrypt=2
MS-MPPE-Recv-Key			17	octets	encrypt=2

  Message-Authenticator doesn't need any flags in the implementation,
so it isn't listed here.  The 'encrypt=1' means "like User-Password",
2 means "like Tunnel-Password", and (below) 3 means "like
Ascend-Send-Secret".

  We also have encrypted VSA's.

3GPP2-MN-HA-Shared-Key			58	string encrypt=2
Ascend-Send-Secret			214	string	encrypt=3
Ascend-Receive-Secret			215	string	encrypt=3
X-Ascend-Send-Secret			214	string encrypt=3
X-Ascend-Receive-Secret			215	string encrypt=3
ERX-LI-Action				58	integer	encrypt=2
ERX-Med-Dev-Handle			59	octets	encrypt=2
ERX-Med-Ip-Address			60	ipaddr	encrypt=2
ERX-Med-Port-Number			61	integer	encrypt=2
Lucent-Send-Secret			214	string encrypt=3
Lucent-Receive-Secret			215	string encrypt=3

  It looks like that's it.  The FreeRADIUS dictionaries aren't
authoritative, but they do have a large number of vendor dictionaries.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>