
Re: Continued discussion of RADIUS Crypto-Agility



David B. Nelson wrote:
> Glen has explained to us why he thinks that TLS is excluded on procedural
> grounds (charter exclusion).  I haven't heard much debate about the relative
> merits of an internal vs. external solution.

  An internal solution involves changing the internal RADIUS
implementation of servers and clients.  An external solution involves
encapsulating RADIUS as-is in another transport stream.

  Having spent time poking the internals of RADIUS servers and clients,
I would prefer to avoid doing more of that.  Many RADIUS implementations
are fragile.  Changing them, or trying to inter-operate with them is
problematic.

  If we leverage (D)TLS, we gain the interoperability tests done for
every other protocol (HTTP, SIP, etc.).  We gain the momentum behind
security fixes to implementations or protocol designs.

  An internal implementation involves yet another RADIUS-specific thing.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
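What the "external" option leaves untouched, as an added example that is not code from this thread or from any RADIUS implementation: the RFC 2865 packet layout and the MD5 Response Authenticator are encoded exactly as they would be for UDP, and the only new work the stream transport imposes is delimiting packets by their Length field, which is how RADIUS over TCP/TLS (RFC 6613 / RFC 6614) frames the byte stream. The function names, the sample Access-Request/Access-Accept pair and the partial trailing packet are all constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# RFC 2865 codes and attribute types used in this constructed example.
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, NAS_PORT, REPLY_MESSAGE = 1, 5, 18
MAX_PACKET = 4096  # RFC 2865 maximum packet length


def _encode_avps(attributes):
    """Attribute-Value Pairs: type(1) length(1, header included) value."""
    out = b""
    for attr_type, value in attributes:
        if len(value) > 253:
            raise ValueError("AVP value exceeds 253 octets")
        out += struct.pack("!BB", attr_type, 2 + len(value)) + value
    return out


def encode_request(identifier, request_auth, attributes):
    """Access-Request: code(1) id(1) length(2) authenticator(16) AVPs."""
    body = _encode_avps(attributes)
    length = 20 + len(body)
    if length > MAX_PACKET:
        raise ValueError("packet exceeds RADIUS maximum length")
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, length) + request_auth + body


def response_authenticator(code, identifier, length, request_auth, avps, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, length)
    return hashlib.md5(header + request_auth + avps + secret).digest()


def encode_response(code, request, attributes, secret):
    """Reply to `request`, carrying the Response Authenticator over the shared secret."""
    body = _encode_avps(attributes)
    length = 20 + len(body)
    auth = response_authenticator(code, request[1], length, request[4:20], body, secret)
    return struct.pack("!BBH", code, request[1], length) + auth + body


def verify_response(response, request, secret):
    """True if `response` answers `request` and was produced with `secret`."""
    code, identifier, length = struct.unpack("!BBH", response[:4])
    if identifier != request[1] or length != len(response):
        return False
    expected = response_authenticator(code, identifier, length,
                                      request[4:20], response[20:length], secret)
    return hmac.compare_digest(response[4:20], expected)


def decode_packet(data):
    """Parse one RADIUS packet (same parser whether it came from UDP or a stream)."""
    code, identifier, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("RADIUS Length field inconsistent with data")
    attrs, pos = [], 20
    while pos < length:
        attr_type, attr_len = struct.unpack("!BB", data[pos:pos + 2])
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad AVP length")
        attrs.append((attr_type, data[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, identifier, data[4:20], attrs


def split_stream(buf):
    """The one thing a stream transport adds: cut the byte stream into packets
    using the Length field. Returns (complete packets, unconsumed tail)."""
    packets = []
    while len(buf) >= 4:
        length = struct.unpack("!H", buf[2:4])[0]
        if length < 20 or length > MAX_PACKET:
            # A stream cannot be resynchronised; the receiver should close it.
            raise ValueError("invalid Length in stream, close the connection")
        if len(buf) < length:
            break  # partial packet, wait for more data
        packets.append(buf[:length])
        buf = buf[length:]
    return packets, buf


def demo(secret=b"radsec"):
    """Round trip: request, accept, then reassemble both from one stream."""
    request = encode_request(7, os.urandom(16),
                             [(USER_NAME, b"alice"), (NAS_PORT, struct.pack("!I", 3))])
    accept = encode_response(ACCESS_ACCEPT, request, [(REPLY_MESSAGE, b"welcome")], secret)
    # Constructed stream: both packets back to back plus the first 10 octets
    # of a third, as a TLS record boundary might deliver them.
    packets, tail = split_stream(request + accept + accept[:10])
    return {
        "request": request,
        "framed": len(packets),
        "leftover": len(tail),
        "same_bytes": packets[1] == accept,
        "verified": verify_response(packets[1], request, secret),
        "verified_wrong_secret": verify_response(packets[1], request, b"other"),
    }


if __name__ == "__main__":
    print(demo())
```

The default secret is deliberately `b"radsec"`: RFC 6614 fixes the shared secret to that string because the TLS tunnel, not the MD5 authenticator, is the security boundary, so the legacy check degrades to a framing sanity check and the fragile per-implementation crypto code path never has to change.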