[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Re: Continued discussion of RADIUS Crypto-Agility]
Dan Harkins wrote:
> Hello,
>
> On Wed, August 8, 2007 7:22 am, Leif Johansson wrote:
> [snip]
>
>> There are two fundamental ways to address this problem: reference
>> some work or roll your own. Radius+DTLS and RadSec fall into the
>> first category, keywrap falls into the second category.
>>
>
> I have to disagree. Keywrap is not "roll your own". It uses RFC3394
> which itself describes a NIST specification of a mode of AES that came
> out of a draft standard from X9.102. It has received extensive vetting.
> The authors of the keywrap draft are proposing to use an existing
> standard to solve the problem it was created to solve-- cryptographically
> protecting keying material in transit.
>
> Dan.
>
>
Another thing that bothers me is the direct reference to AES.
Introducing a dependency on any one algorithm does not
constitute agility in any sense of the word. The point (imho) is
not to demonstrate how much we trust AES today but to make
sure radius doesn't have to go through this again when AES
needs replacing.
Cheers Leif
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>