[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Continued discussion of RADIUS Crypto-Agility
David B. Nelson wrote:
> Glen has explained to us why he thinks that TLS is excluded on procedural
> grounds (charter exclusion). I haven't heard much debate about the relative
> merits of an internal vs. external solution.
An internal solution involves changing the internal RADIUS
implementation of servers and clients. An external solution involves
encapsulating RADIUS as-is in another transport stream.
Having spent time poking the internals of RADIUS servers and clients,
I would prefer to avoid doing more of that. Many RADIUS implementations
are fragile. Changing them, or trying to inter-operate with them is
problematic.
If we leverage (D)TLS, we gain the interoperability tests done for
every other protocol (HTTP, SIP, etc.). We gain the momentum behind
security fixes to implementations or protocol designs.
An internal implementation involves yet another RADIUS-specific thing.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>