
Re: Thoughts on Requirements for RADIUS crypto-agility



David B. Nelson wrote:
> As noted in the previous message, the first stage in the development of 
> a RADIUS crypto-agility solution is to formulate a requirements statement. 
> 
> A straw-man set of requirements is included below:

  A NIT (or question):

...
> 3. Proposals MUST support replay protection.
...
> 11. Crypto-agility solutions should not require fundamental changes to the 
> RADIUS operational model, such as the introduction of new commands or 
> maintenance of state on the RADIUS server.

  Most methods to obtain replay protection involve maintenance of some
kind of state on the RADIUS server.  Maybe global server state, or
per-client state.

  I also see replay protection as being potentially independent of crypto
work.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
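
The tension between requirements 3 and 11 raised in this message, as an added example that is not part of the original post: a per-client sliding-window replay check, which only works because the server remembers something about every client. It assumes a hypothetical per-packet counter covered by the packet's integrity check (RADIUS as discussed here carries no such field); the `ReplayCache` name and the 64-entry window are illustrative.

```python
WINDOW = 64  # assumed window size: how many recent counters are remembered


class ReplayCache:
    """Per-client anti-replay state held by the server.

    For each client it stores the highest counter accepted so far and a
    bitmap of which of the WINDOW counters at or below it were already seen.
    """

    def __init__(self):
        # client id -> (highest counter accepted, bitmap of recent counters)
        self._state = {}

    def accept(self, client, counter):
        """Return True (and record the counter) if the packet is fresh,
        False if the counter was already seen or is older than the window."""
        if counter < 1:
            return False
        highest, bitmap = self._state.get(client, (0, 0))
        if counter > highest:
            # Newer than anything seen: slide the window forward.
            shift = counter - highest
            bitmap = ((bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self._state[client] = (counter, bitmap)
            return True
        offset = highest - counter
        if offset >= WINDOW or bitmap & (1 << offset):
            return False  # too old to judge, or a replay
        # Late but fresh (e.g. reordered UDP): mark it as seen.
        self._state[client] = (highest, bitmap | (1 << offset))
        return True

    def tracked_clients(self):
        """Number of clients the server is currently holding state for."""
        return len(self._state)


if __name__ == "__main__":
    cache = ReplayCache()
    # Constructed (client, counter) pairs; the second "nas-a", 3 is a replay.
    for client, counter in [("nas-a", 1), ("nas-a", 3), ("nas-a", 2),
                            ("nas-a", 3), ("nas-b", 1)]:
        print(client, counter, "accepted" if cache.accept(client, counter) else "rejected")
    print("clients with state:", cache.tracked_clients())
```

Dropping the `_state` dictionary removes the server-side state, and with it any way to tell the second `("nas-a", 3)` from the first.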
