
Continued discussion of RADIUS Crypto-Agility



I will be working on the minutes for the RADEXT WG session at IETF-69 in the
next week or so.  In the meantime, I would like to very briefly summarize
the discussion of the RADIUS Crypto-Agility work item held during IETF-69
and strongly encourage that discussion to continue here on the list.

The presentations may be found at:

https://datatracker.ietf.org/meeting/69/materials.html

Scroll down to the RADEXT section.

Three potential solutions were discussed:

(a) RADIUS Key-Wrap and RADIUS Encrypted Attributes (Zorn, et al.)

(b) RADIUS over DTLS (DeKok)

(c) RADIUS over TLS, a.k.a. RADSEC (Winter, et al.)

The first two proposals are within the scope of the current RADEXT WG
charter.  The third proposal is currently out of scope, because it
encompasses a new transport layer protocol for RADIUS (TCP).

There were some spirited discussions about the pros and cons of each
approach during the meeting.  I'd like to see those discussions continue on
the list.

In informal straw polls, there seemed to be a slight preference for proposal
(a) over proposal (b).  There was approximately equal support for proposals
(b) and (c); however, there were approximately as many in the room who
opposed proposal (c) as who supported it.

Needless to say, this does not constitute consensus.  :-)

I would like to ask all those who participated in the discussion in Chicago,
as well as the rest of the members on the list, to continue this
discussion.  If you have not read the relevant IDs, please read them NOW.
The chairs will be attempting to gauge, over the next few weeks, whether
there is consensus on the list to move forward with one of these proposals
as a Proposed Standard RFC.

If there is not clear consensus to pick one submission, then the chairs will
ask the WG if there is consensus to advance two or more proposals as
Experimental RFCs, letting the market make the final selection.

We won't be waiting until IETF-70 to make this decision, as this important
charter milestone is very late.  Now that several other WG work items have
been submitted to the IESG for consideration, please turn your attention to
the RADIUS Crypto-Agility work item.

Thank You!!!

Regards,

Dave Nelson



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>