I see no problem here. e2e encryption is useful, and there are multiple methods where this can be done to *improve* security without making it perfect.
The question that is before the WG is "is support for e2e encryption a requirement for RADIUS crypto-agility?"
I think that this question is related to the automated key management question, because if we say that it is a requirement, then we have an
n x n problem that would seem to fall into the RFC 4107 requirementsfor automated key management.
-- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>