Hi,
>> Well, except that in order to place these things in a common category it
>> is necessary to ignore one of the defining characteristics of RADIUS:
>> that it is only and intentionally defined as a connectionless protocol.
>
> The impact of connectionless vs. connection is not very significant when
> discussing the protocol's *security*, IMO.

So I gather that as far as you're concerned a network "protocol" solely
consists of the format of the innermost PDU?

>> might like to believe so, RadSec is _not_ RADIUS,
>
> Well, it's _almost_ RADIUS, especially if one takes into account the
> mechanisms in RADIUS to detect duplication, retransmission etc., which
> already contains parts of the merits of TCP.

By that logic, a cobra is _almost_ a pigeon.

>> & therefore far out of scope of not just the crypto-agility discussions
>> but of this WG. RADIUSoDTLS, OTOH, doesn't alter the fundamental nature
>> of RADIUS & therefore _is_ in scope.
>
> I have understood that DTLS is considered in scope, while RadSec is out
> of scope (Reminder: I never claimed otherwise). Just keep in mind that
> DTLS itself requires even more characteristics of TCP, so when combining
> the RADIUS mechanisms that come on top of UDP + the transport mechanisms
> in DTLS, the end result is getting very close to TCP already. So the
> distance between in-scope and out-of-scope is a very thin line.

Only if snakes are almost birds...
...