Hello,

> We can certainly entertain a discussion of whether RADSEC is appropriate as
> a RADEXT WG work item. However, I am not entirely clear that this question
> is relevant to the current crypto-agility discussion (although I'm
> certainly willing to be convinced otherwise).

I agree that it is not relevant for crypto-agility discussions. As I see it,
DTLS and RadSec fall under a common category in this respect: whole packet
encryption, with encryption negotiation happening outside of RADIUS.
Basically everything that falls under {some transport}+{the equivalent of TLS
for that transport} would fall into this same class (i.e. also yet-exotic
combinations like DCCP+DTLS or SCTP+TLS would be covered). Keywrap represents
a second, fundamentally different class: per-attribute encryption, with
encryption negotiation happening inside the packet.

I guess discussions re the general crypto-agility problem could focus on
discussing those two classes of approach.

Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473