
RE: Open issues on the Crypto-Agility Requirements draft



Alan DeKok writes...

>   The alternative to TLS methods is something like the following
> (created after about 10 minutes of thought).
> 
>   1) Change MD5 to SHA-256
>   2) Set the high bit in the RADIUS "code" field.

Well, the term "crypto-agility" implies that the protocol is not bound to
any *single* cipher-suite.  Substituting SHA-256 for MD5 would not be a
crypto-agility solution, IMO.  It would be a "fix" for internal RADIUS
security until such time as SHA-256 becomes ineffective.

One *could* make the argument that RADIUS doesn't need to be crypto-agile,
all we need is a "fix" for the internal security mechanisms to tide us over
until the transport wrapper security mechanisms are widely deployed.

In terms of revising the RADIUS Crypto-agility Requirements draft, it would
be helpful to know whether the WG still thinks that RADIUS needs internal
security that is indeed crypto-agile.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>