
Re: Continued discussion of RADIUS Crypto-Agility



  Hello,

On Wed, August 8, 2007 7:22 am, Leif Johansson wrote:
[snip]
> There are two fundamental ways to address this problem: reference
> some work or roll your own. Radius+DTLS and RadSec fall into the
> first category, keywrap falls into the second category.

  I have to disagree. Keywrap is not "roll your own". It uses RFC3394
which itself describes a NIST specification of a mode of AES that came
out of a draft standard from X9.102. It has received extensive vetting.
The authors of the keywrap draft are proposing to use an existing
standard to solve the problem it was created to solve -- cryptographically
protecting keying material in transit.

  Dan.




--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>