
RE: Continued discussion of RADIUS Crypto-Agility



David B. Nelson allegedly scribbled on Tuesday, July 31, 2007 9:08 AM:

> I will be working on the minutes for the RADEXT WG session at IETF-69
> in the next week or so.  In the meantime, I would like to very
> briefly summarize the discussion of the RADIUS Crypto-Agility work
> item held during IETF-69 and strongly encourage that discussion to
> continue here on the list.    
> 
> The presentations may be found at:
> 
> https://datatracker.ietf.org/meeting/69/materials.html
> 
> Scroll down to the RADEXT section.
> 
> Three potential solutions were discussed:
> 
> (a) RADIUS Key-Wrap and RADIUS Encrypted Attributes (Zorn, et al.)
> 
> (b) RADIUS over DTLS (DeKok)
> 
> (c) RADIUS over TLS, a.k.a. RADSEC (Winter, et al.)
> 
> The first two proposals are within the scope of the current RADEXT WG
> charter.  The third proposal is currently out of scope, because it
> encompasses a new transport layer protocol for RADIUS (TCP).  

Not only is it out of scope of the charter, it directly violates a
number of the restrictions placed on the crypto-agility submissions from
the actual members of the WG.  I, for one, have at least been aware of
the RADSEC activities for a couple of years now but for some reason they
have not deigned to inform the radext WG of them until now.  To 1)
ignore our charter (not to mention the (at best) disingenuous '?'
regarding it in the presentation) and 2) ignore the written requirements
that everyone else had to follow seems to me at the very least
arrogant.  Note that I am _not_ 'hostile to the idea' -- I am, however,
hostile toward arrogant academics proffering "new" schemes (that have
been around for years in one form or another) in direct contradiction of
the rules the rest of us (who actually participate in the WG, not just
drop by with our works of genius ;-) must follow.  Therefore, I must
insist that the RADSEC proposal be treated as only an informative
presentation (in the nature of an informative liaison) and not accepted
as a candidate for the crypto-agility solution.  

...

--
archive: <http://psg.com/lists/radiusext/>