Hi,

> Well, except that in order to place these things in a common category it
> is necessary to ignore one of the defining characteristics of RADIUS:
> that it is only and intentionally defined as a connectionless protocol.

The impact of connectionless vs. connection is not very significant when discussing the protocol's *security*, IMO.

> might like to believe so, RadSec is _not_ RADIUS,

Well, it's _almost_ RADIUS, especially if one takes into account the mechanisms in RADIUS to detect duplication, retransmission etc., which already contain parts of the merits of TCP.

> & therefore far out of
> scope of not just the crypto-agility discussions but of this WG.
> RADIUSoDTLS, OTOH, doesn't alter the fundamental nature of RADIUS &
> therefore _is_ in scope.

I have understood that DTLS is considered in scope, while RadSec is out of scope (Reminder: I never claimed otherwise). Just keep in mind that DTLS itself requires even more characteristics of TCP, so when combining the RADIUS mechanisms that come on top of UDP + the transport mechanisms in DTLS, the end result is getting very close to TCP already. So the distance between in-scope and out-of-scope is a very thin line.

Greetings,

Stefan

-- 
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Engineer, Research & Development
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

E-Mail: stefan.winter@restena.lu     Tel.: +352 424409-1
http://www.restena.lu                Fax:  +352 422473