RE: Continued discussion of RADIUS Crypto-Agility



Stefan Winter writes...

> The point I tried to make was that the *security properties*
> of a protocol can be made mostly independent of the layer 4 
> transport.

I agree.

It seems to me that the decision tree for the RADEXT crypto-agility work
would be something like:

Internal security or external security?

(Internal means defined within the application layer PDUs.)

If internal, then keywrap & encrypted attributes or something else yet to be
offered.

If external, then DTLS or TLS? (Or something else yet to be offered.)

I think it would help the discussion to debate the pros and cons of these
choices.

Glen has explained to us why he thinks that TLS is excluded on procedural
grounds (charter exclusion).  I haven't heard much debate about the relative
merits of an internal vs. external solution.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>