
Re: E2E and crypto-agility



> What is "end to end"?

I think it means something like "protection of RADIUS attributes from
disclosure to parties other than the NAS and home server".

> I don't see how we could do NAS to home server key transport in
> RADIUS. So the answer is (I think) "No".

In the AAA WG there were a number of mechanisms investigated by
which a NAS and home server could derive a key that could be
used to protect attributes from disclosure to proxies.  These methods
included Kerberos and CMS.  For example, see:
http://www.watersprings.org/pub/id/draft-kaushik-radius-sec-ext-06.txt

So I think the question is not "can it be done?" but rather "how does
this relate to RADIUS crypto-agility?" and "should solving this problem
be a requirement?"








