RE: Issue 282: cipher suites, discussion needed
You could just leave this to the TLS specification. For version 1.0 and 1.1 it is TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA and for 1.2 it is TLS_RSA_WITH_AES_128_CBC_SHA. If it is common today for implementations also to implement the RC4 ciphers you can have that as a recommendation as well. Something like:
"RADSEC implementation MUST support the mandatory to implement cipher suites specified in TLS. For purposes of compatibility with some current deployments implementations SHOULD support TLS_RSA_WITH_RC4_128_SHA as well."
Cheers,
Joe
> -----Original Message-----
> From: Stefan Winter [mailto:stefan.winter@restena.lu]
> Sent: Wednesday, February 11, 2009 1:13 AM
> To: Joseph Salowey (jsalowey)
> Cc: radiusext@ops.ietf.org
> Subject: Issue 282: cipher suites, discussion needed
>
> Hi,
>
> > 3. I'm not sure I understand the choice of ciphersuites.
> >
> > Why is TLS_RSA_WITH_RC4_128_SHA recommended? It seems that it would
> > be much preferable to use AES or 3DES?
> >
>
> I could use a little help here. Is there anyone willing to
> investigate cipher suite selection? An alternative would be
> to follow the path of e.g. the EAP tunnel reqs, which cite
> NIST references for acceptable cipher suites...
>
> Greetings,
>
> Stefan Winter
>
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education
> Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
>
> Tel: +352 424409 1
> Fax: +352 422473
>
>