At IETF 70, we discussed the applicability of RFC 4107 to RADIUS crypto-agility requirements. The consensus within the room was that Automated Key Management should not be added to the list of crypto-agility requirements.

This is a call for RADEXT WG mailing list consensus on this issue. Does the mailing list agree that Automated Key Management is not a requirement for a RADIUS crypto-agility solution?

Some of the arguments made include:

1. While automated key management may prove convenient in some circumstances (e.g. eduroam), the demand is by no means universal, nor is the pain of the current manual keying environment considered acute by most customers.

2. RFC 4107 criteria do not apply to a RADIUS crypto-agile solution:

   a. RADIUS client-server communication is not an N^2 problem (except perhaps in the roaming situation where end-to-end protection is being provided).

   b. One of the goals of RADIUS crypto-agility is to remove the use of stream ciphers.

   c. RADIUS traffic is generally light enough that a credible ciphersuite would not require rekey for a long time.

So, does the WG agree with these arguments?

Please respond to the list even if you have no new arguments to add, if only to say that you agree (or disagree) with the consensus in the room at IETF 70.