[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Continued discussion of RADIUS Crypto-Agility
David B. Nelson wrote:
> Leif Johansson writes...
>
>
>> That is absolutely "roll your own" - RFC3394 is AES which is
>> crypto not a security protocol.
>>
>
> No. RFC 3394 is "Advanced Encryption Standard (AES) Key Wrap Algorithm".
> That's not simply a definition of AES (crypto), which is normatively defined
> in FIPS-197. It's a specific application of crypto for key wrapping. It is
> not a key agreement, key distribution or key management protocol, of course.
>
>
>
Sorry I was not clear enough. What I meant to say is that in order
to deploy radius+keywrap you actually need all of those things and
they are (relatively) well understood in tls.
Cheers Leif
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>