Forwarding to the RADEXT list for a non-subscriber. Sam Hartman wrote:
--- Begin Message ---
- To: "David B. Nelson" <dnelson@elbrysnetworks.com>
- Subject: Re: Reminder: automated key management is often required for new protocols
- From: Sam Hartman <hartmans-ietf@mit.edu>
- Date: Wed, 14 Nov 2007 09:47:33 -0500
- Cc: <radiusext@ops.ietf.org>
- Delivered-to: dnelson@elbrysnetworks.com
- In-reply-to: <015901c8263b$38ff71d0$091716ac@xpsuperdvd2> (David B. Nelson's message of "Tue, 13 Nov 2007 16:21:58 -0500")
- References: <BAY117-F33204AA79CFE4EDD62D5A093D40@phx.gbl> <015901c8263b$38ff71d0$091716ac@xpsuperdvd2>
- User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
Hi. I think that the applicability of RFC 4107 to RADIUS crypto agility work is kind of complicated. I guess my main question is who is driving the work, who will use it. My personal opinion is that updating RADIUS crypto agility without adding some form of automated key management doesn't have a lot of value and may not be worth doing. However, if there are users and implementers who see the value in doing the crypto agility updates, then perhaps it makes sense to do. So, my question to you is what is driving this work besides a desire to be good security citizens?
--- End Message ---