[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Continued discussion of RADIUS Crypto-Agility
Stefan Winter writes...
> The point I tried to make was that the *security properties*
> of a protocol can be made mostly independent of the layer 4
> transport.
I agree.
It seems to me that the decision tree for the RADEXT crypto-agility work
would be something like:
Internal security or external security?
(Internal means defined within the application layer PDUs.)
If internal, then keywrap & encrypted attributes or something else yet to be
offered.
If external, then DTLS or TLS? (Or something else yet to be offered.)
I think it would help the discussion to debate the pros and cons of these
choices.
Glen has explained to us why he thinks that TLS is excluded on procedural
grounds (charter exclusion). I haven't heard much debate about the relative
merits of an internal vs. external solution.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>