There is a desire to use NIST-approved key-wrap algorithms for wrapping keys, and those algorithms are inappropriate for general-purpose data encryption.
I'm not sure why this is a problem. The encrypted attribute container can include an algorithm field, so that it would be possible to encrypt one bag of attributes (not keys) with one algorithm, while using a keywrap algorithm for another bag (which represent keys).

A (perhaps silly) question:

* Are general encryption algorithms suitable for use in encrypting keys? The Diameter EAP application has always assumed that they were.
* Is there a pointer to the limitations of keywrap algorithms?