Re: [radext] #23: Comments
#23: Comments
Changes (by bernard_aboba@…):
* status: new => closed
* resolution: => fixed
Comment:
Updated proposal. Add the following text to the end of Section 2:

   Negotiation of cryptographic algorithms MAY occur within the RADIUS
   protocol, or within a lower layer such as the transport layer. Since
   RADIUS is a request/response protocol, the ability to negotiate
   cryptographic algorithms within RADIUS is inherently limited. While
   a RADIUS request can provide a list of supported cryptographic
   algorithms which can be selected for use within a response, prior to the
   receipt of a response, the cryptographic algorithms utilized to
   provide security services within the request will need to be pre-
   configured. Since legacy implementations not supporting crypto-
   agility will silently discard requests not protected by legacy
   algorithms, in the absence of knowledge about the capabilities of the
   recipient, requests will need to be protected by legacy algorithms.

Within Section 4.3 delete:

   Included in such negotiation techniques are "hint and
   accept" and "hint and reject" mechanisms, where the NAS (RADIUS
   client) provides a list of supported algorithms and the RADIUS server
   selects one.
--
----------------------------------+-----------------------------------------
 Reporter:  glenzorn@…            |       Owner:  bernard_aboba@…
     Type:  defect                |      Status:  closed
 Priority:  major                 |   Milestone:  milestone1
Component:  Crypto-Agility        |     Version:  1.0
 Severity:  Active WG Document    |  Resolution:  fixed
 Keywords:                        |
----------------------------------+-----------------------------------------
Ticket URL: <https://wiki.tools.ietf.org/wg/radext/trac/ticket/23#comment:2>
radext <http://tools.ietf.org/radext/>
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
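
Added example, not part of the original message or of the draft it amends: a toy model of the limitation the proposed Section 2 text describes. The dict-based message layout, the "offered" and "alg" fields, and the function names are assumptions made for illustration; HMAC-MD5 stands in for the legacy algorithm and HMAC-SHA256 for a newer one.

```python
import hashlib
import hmac

SECRET = b"constructed-shared-secret"        # constructed sample value
LEGACY = "hmac-md5"                          # stand-in for the legacy algorithm
DIGESTS = {"hmac-md5": hashlib.md5, "hmac-sha256": hashlib.sha256}
PREFERENCE = ["hmac-sha256", "hmac-md5"]     # assumed ordering, strongest first

def protect(alg, body):
    return hmac.new(SECRET, body, DIGESTS[alg]).digest()

def signed_body(msg):
    # The integrity check covers the payload and the offered-algorithm list.
    return msg["payload"] + b"|" + ",".join(msg["offered"]).encode()

def build_request(payload, offered, peer_caps=None):
    """Client: the request algorithm is fixed before any response exists."""
    # Without pre-configured knowledge of the recipient, use the legacy one.
    alg = next((a for a in PREFERENCE if peer_caps and a in peer_caps), LEGACY)
    msg = {"alg": alg, "offered": list(offered), "payload": payload}
    msg["mac"] = protect(alg, signed_body(msg))
    return msg

def server_handle(request, supported):
    """Server: return a response, or None to model a silent discard."""
    # A legacy server understands only the legacy check, whatever was sent.
    alg = request["alg"] if request["alg"] in supported else LEGACY
    if not hmac.compare_digest(protect(alg, signed_body(request)), request["mac"]):
        return None
    # The response may use any algorithm both sides listed.
    chosen = next((a for a in PREFERENCE
                   if a in supported and a in request["offered"]), LEGACY)
    reply = {"alg": chosen, "offered": [], "payload": b"Access-Accept"}
    reply["mac"] = protect(chosen, signed_body(reply))
    return reply

if __name__ == "__main__":
    legacy_srv, agile_srv = {"hmac-md5"}, set(PREFERENCE)
    blind = build_request(b"Access-Request", PREFERENCE)
    known = build_request(b"Access-Request", PREFERENCE, peer_caps=agile_srv)
    for name, req in (("unknown peer", blind), ("pre-configured peer", known)):
        for srv_name, srv in (("legacy", legacy_srv), ("agile", agile_srv)):
            resp = server_handle(req, srv)
            print(name, "->", srv_name, ":", resp["alg"] if resp else "discarded")
```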