[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RADEXT WG re-charter

To: <radiusext@ops.ietf.org>
Subject: RE: RADEXT WG re-charter
From: "David B. Nelson" <dnelson@elbrysnetworks.com>
Date: Fri, 18 Apr 2008 14:18:32 -0400
In-reply-to: <AC1CFD94F59A264488DC2BEC3E890DE505A78497@xmb-sjc-225.amer.cisco.com>
Organization: Elbrys Networks, Inc.
References: <BLU137-W48C2DDC500B37865CBBD9F93F50@phx.gbl> <AC1CFD94F59A264488DC2BEC3E890DE50598D1E3@xmb-sjc-225.amer.cisco.com> <BLU137-DS39DAA210AA10B0CDB138F93EC0@phx.gbl> <AC1CFD94F59A264488DC2BEC3E890DE505A01761@xmb-sjc-225.amer.cisco.com> <010001c89c27$8a6ff5f0$1f0a0a0a@xpsuperdvd2> <001801c89e36$38856cf0$33da787c@arubanetworks.com> <019e01c89e3e$87835030$1f0a0a0a@xpsuperdvd2> <001d01c89e4f$53bed740$33da787c@arubanetworks.com> <01b201c89e55$0cab70b0$1f0a0a0a@xpsuperdvd2> <AC1CFD94F59A264488DC2BEC3E890DE505A020F0@xmb-sjc-225.amer.cisco.com> <f72b584be124b7e15a76ca38226e8829.squirrel@www.trepanning.net> <AC1CFD94F59A264488DC2BEC3E890DE505A78497@xmb-sjc-225.amer.cisco.com>

Joseph Salowey writes...

> ...you could encrypt the attributes that need to be separated, such
> as keys, with an appropriate algorithm, such as SIV or the ever 
> unpopular AES keywrap, and then encapsulate the whole message 
> including the encrypted attributes with DTLS, IPSEC, etc. to 
> protect additional attributes in transit.
> 
> So, I don't view these mechanisms as mutually exclusive.

In point of fact, based on the notion that NASes may be required to continue
using the legacy UDP-based RADIUS, these approaches may be complementary.
There may be cases where encrypted attributes are preferable to encrypted
transport.  The converse may also be true.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- RADEXT WG re-charter
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- RE: RADEXT WG re-charter
  - From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
- Re: RADEXT WG re-charter
  - From: <Bernard_Aboba@hotmail.com>
- RE: RADEXT WG re-charter
  - From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
- RE: RADEXT WG re-charter
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- RE: RADEXT WG re-charter
  - From: "Glen Zorn" <glenzorn@comcast.net>
- RE: RADEXT WG re-charter
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- RE: RADEXT WG re-charter
  - From: "Glen Zorn" <glenzorn@comcast.net>
- RE: RADEXT WG re-charter
  - From: "David B. Nelson" <dnelson@elbrysnetworks.com>
- RE: RADEXT WG re-charter
  - From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
- RE: RADEXT WG re-charter
  - From: "Dan Harkins" <dharkins@lounge.org>
- RE: RADEXT WG re-charter
  - From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>

Prev by Date: RE: RADEXT WG re-charter
Next by Date: RE: Meaning of "backward compatible" WAS RE: Consensus Call on RADEXT WG re-charter
Previous by thread: RE: RADEXT WG re-charter
Next by thread: RE: [Isms] What granularity of attributes do we need for the secure transport?
Index(es):
- Date
- Thread