[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Continued discussion of RADIUS Crypto-Agility

To: leifj@it.su.se, dharkins@lounge.org
Subject: Re: Continued discussion of RADIUS Crypto-Agility
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Sat, 11 Aug 2007 11:29:01 -0700
Bcc:
Cc: d.b.nelson@comcast.net, radiusext@ops.ietf.org
In-reply-to: <46BD7A6C.2000508@it.su.se>

You can use x509 as a key-only mechanism too. Just configure
each radius endpoint with a self-signed cert and use the (say)
fingerprint to express trust. That is equivalent (in terms of
the work involved) to a shared-secret database and can be
automated (in tools) almost the same way.


Is this something that current RADSEC implementations support?



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Continued discussion of RADIUS Crypto-Agility
  - From: Leif Johansson <leifj@it.su.se>

References:
- Re: Continued discussion of RADIUS Crypto-Agility
  - From: Leif Johansson <leifj@it.su.se>

Prev by Date: Re: Continued discussion of RADIUS Crypto-Agility
Next by Date: Re: Continued discussion of RADIUS Crypto-Agility
Previous by thread: Re: Continued discussion of RADIUS Crypto-Agility
Next by thread: Re: Continued discussion of RADIUS Crypto-Agility
Index(es):
- Date
- Thread