Re: RADEXT WG re-charter
Joseph Salowey (jsalowey) wrote:
> There are a few reasons why you would want to wrap keys separately from
> other data. As you mentioned, the recommended algorithms for key wrap
> may not be suitable for encrypting bulk data without special
> consideration and some bulk data encryption algorithms may not be
> recommended for key wrap without special consideration. Another reason
> is that you may want the entity that handles the keys and their context
> to be different from the entity that handles the rest of the attributes.
i.e. distributing wireless keys to a NAS. For reasons outlined in RFC
3538, RadSec is likely not a good idea for NAS -> local AAA
communications. DTLS is better for transport, but still may be
difficult for some to implement. Encrypting only the keys is likely
sufficient.
Alan DeKok.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>