
RADEXT WG consensus on RFC 4107 applicability to RADIUS Crypto-Agility Requirements



At IETF 70, we discussed the applicability of RFC 4107 to RADIUS Crypto-agility requirements.
 
The consensus within the room was that Automated Key Management should not be added to the list
of Crypto-agility requirements.
 
This is a call for RADEXT WG mailing list consensus on this issue. Does the mailing list agree
that Automated Key Management is not a requirement for a RADIUS Crypto-agility solution?
 
Some of the arguments made include:
 
1. While automated key management may prove convenient in some circumstances (e.g. EDUROAM),
the demand is by no means universal, nor is the pain of the current manual keying environment considered
acute by most customers.
 
2. RFC 4107 criteria do not apply to a RADIUS crypto-agile solution:
  a. RADIUS client-server communication is not an N^2 problem (except perhaps in the roaming
situation where end-to-end protection is being provided). 
  b. One of the goals of RADIUS crypto-agility is to remove the use of stream ciphers.
  c. RADIUS traffic is generally light enough that a credible ciphersuite would not require rekey for a long time.
 
So, does the WG agree with these arguments?  Please respond to the list even if you have no new arguments
to add, if only to say that you agree (or disagree) with the consensus in the room at IETF 70.