[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Re: Continued discussion of RADIUS Crypto-Agility]

To: Dan Harkins <dharkins@lounge.org>
Subject: [Re: Continued discussion of RADIUS Crypto-Agility]
From: Leif Johansson <leifj@it.su.se>
Date: Fri, 10 Aug 2007 09:47:13 +0200
Cc: Stefan Winter <stefan.winter@restena.lu>, Bernard Aboba <bernard_aboba@hotmail.com>, radiusext@ops.ietf.org
In-reply-to: <50522.69.12.173.8.1186689669.squirrel@www.trepanning.net>
References: <BAY117-F28B64B0EA1942F20FDAAA293E90@phx.gbl> <200708081405.38669.stefan.winter@restena.lu> <46B9D1BC.1090108@it.su.se> <50522.69.12.173.8.1186689669.squirrel@www.trepanning.net>
User-agent: Thunderbird 1.5.0.12 (X11/20070604)

Dan Harkins wrote:
>   Hello,
>
> On Wed, August 8, 2007 7:22 am, Leif Johansson wrote:
> [snip]
>   
>> There are two fundamental ways to address this problem: reference
>> some work or roll your own. Radius+DTLS and RadSec fall into the
>> first category, keywrap falls into the second category.
>>     
>
>   I have to disagree. Keywrap is not "roll your own". It uses RFC3394
> which itself describes a NIST specification of a mode of AES that came
> out of a draft standard from X9.102. It has received extensive vetting.
> The authors of the keywrap draft are proposing to use an existing
> standard to solve the problem it was created to solve-- cryptographically
> protecting keying material in transit.
>
>   Dan.
>
>   
Another thing that bothers me is the direct reference to AES.

Introducing a dependency on any one algorithm does not
constitute agility in any sense of the word. The point (imho) is
not to demonstrate how much we trust AES today but to make
sure radius doesn't have to go through this again when AES
needs replacing.

    Cheers Leif

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: [Re: Continued discussion of RADIUS Crypto-Agility]
  - From: "Dan Harkins" <dharkins@lounge.org>
- RE: [Re: Continued discussion of RADIUS Crypto-Agility]
  - From: "Bernard Aboba" <bernard_aboba@hotmail.com>
- RE: Continued discussion of RADIUS Crypto-Agility
  - From: "David B. Nelson" <d.b.nelson@comcast.net>

References:
- RE: Continued discussion of RADIUS Crypto-Agility
  - From: "Bernard Aboba" <bernard_aboba@hotmail.com>
- Re: Continued discussion of RADIUS Crypto-Agility
  - From: Stefan Winter <stefan.winter@restena.lu>
- Re: Continued discussion of RADIUS Crypto-Agility
  - From: Leif Johansson <leifj@it.su.se>
- Re: Continued discussion of RADIUS Crypto-Agility
  - From: "Dan Harkins" <dharkins@lounge.org>

Prev by Date: Re: Continued discussion of RADIUS Crypto-Agility
Next by Date: RE: Continued discussion of RADIUS Crypto-Agility
Previous by thread: Re: Continued discussion of RADIUS Crypto-Agility
Next by thread: RE: Continued discussion of RADIUS Crypto-Agility
Index(es):
- Date
- Thread