
RE: Crypto-agility



Hannes Tschofenig writes...

> Can someone explain to me the scope and the planned timeframe
> of the work?

We discussed what crypto-agility meant, in general terms, at IETF-68.
Basically, it means that IETF protocols that use cryptography need to have a
reasonably modular way to substitute new algorithms and modes (new cipher
suites).  As one algorithm (e.g. MD5) weakens in the face of new attacks, it
can then be replaced without redesigning the protocol and without undue
difficulty of deployment.

Designing protocols with a cipher suite identifier and/or cipher suite
negotiation is one component of this effort.  Modular implementations that
allow crypto-libraries to "plug in" to the base protocol module are another.

In terms of RADIUS specific issues, the goal is to define alternative
cryptographic primitives to replace the use of MD5 hashes and MD5-based
stream ciphers, for things like the Message Authenticator and the "hidden"
attributes, such as User-Password.  It also encompasses the MS-PPE VSAs that
are commonly used for solutions such as IEEE 802.11 WLANs.

In RADIUS today there is only one key, the shared secret.  In any new
scheme, we need to understand what key(s) replace the legacy shared secret
and how those keys are distributed to all parties that need them.  The goal
is not to add general-purpose key management features to RADIUS, in the way
a Kerberos KDC manages keys, for example.  That would probably be going too
far.

The current RADEXT charter page says the timeframe is "done by December
2006", so we're quite late!  :-)  Hence the sense of urgency in our
discussions.




--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
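
The two MD5 uses named in the message above, as an added example that is not part of the original message or of any RADIUS implementation: User-Password hiding per RFC 2865 section 5.2 and the HMAC-MD5 Message-Authenticator. The secret, authenticator and user name are constructed sample values, and the `digest` parameter is a hypothetical hook showing that a replacement hash does not fit the fixed 16-octet field.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # MD5 digest size; it also fixes the User-Password block size

def hide_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2 hiding: XOR the padded password with chained MD5 digests."""
    if not 1 <= len(password) <= 128 or len(request_auth) != BLOCK:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), BLOCK):
        pad = hashlib.md5(secret + prev).digest()   # b(i) = MD5(S + c(i-1))
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], pad))
        hidden += prev
    return hidden

def reveal_user_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: regenerate the same MD5 pads and strip the NUL padding."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), BLOCK):
        pad = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + BLOCK]
        clear += bytes(c ^ k for c, k in zip(prev, pad))
    return clear.rstrip(b"\x00")

def build_access_request(ident: int, request_auth: bytes, user: bytes,
                         hidden_pw: bytes) -> bytes:
    """Access-Request with Message-Authenticator (type 80, length 18) zeroed."""
    attrs = bytes([1, 2 + len(user)]) + user              # User-Name
    attrs += bytes([2, 2 + len(hidden_pw)]) + hidden_pw   # User-Password
    attrs += bytes([80, 18]) + b"\x00" * 16               # Message-Authenticator
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs

def message_authenticator(packet_zeroed: bytes, secret: bytes,
                          digest: str = "md5") -> bytes:
    """HMAC keyed with the shared secret over the zeroed packet.
    "md5" is what RADIUS specifies; any other digest is a hypothetical swap."""
    return hmac.new(secret, packet_zeroed, digest).digest()

if __name__ == "__main__":
    secret, ra = b"constructed-secret", bytes(range(16))  # constructed values
    pkt = build_access_request(7, ra, b"alice",
                               hide_user_password(b"correct horse", secret, ra))
    for name in ("md5", "sha256"):
        mac = message_authenticator(pkt, secret, name)
        print(name, len(mac), "octets; field holds 16")
```
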