Re: Continued discussion of RADIUS Crypto-Agility

[Leif Johansson <leifj@it.su.se>]

David B. Nelson wrote:
> Leif Johansson writes...
>
>   
>> That is absolutely "roll your own" - RFC3394 is AES which is
>> crypto not a security protocol.
>>     
>
> No.  RFC 3394 is "Advanced Encryption Standard (AES) Key Wrap Algorithm".
> That's not simply a definition of AES (crypto), which is normatively defined
> in FIPS-197.  It's a specific application of crypto for key wrapping.  It is
> not a key agreement, key distribution or key management protocol, of course.
>
>
>   
Sorry I was not clear enough. What I meant to say is that in order
to deploy radius+keywrap you actually need all of those things and
they are (relatively) well understood in tls.

    Cheers Leif


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>