[radext] #92: End-to-end versus hop-by-hop confidentiality
The document currently does not make it clear what the requirements are
for end-to-end confidentiality.
The proposal is to change the text on "Limit Key Scope" in Section 4.2 to
the following:
Limit key scope
It is RECOMMENDED that solutions enable a NAS and RADIUS server to
exchange confidential information such as keying material without
disclosure to third parties. In order to accomplish this, it is
RECOMMENDED that a RADIUS crypto-agility solution be compatible
with NAI-based Dynamic Peer Discovery [RADYN] as well as that it
support the use of public key credentials for authentication
between the NAS and RADIUS server.
For compatibility with existing operations, RADIUS crypto-agility
solutions SHOULD also support pre-shared key credentials. However,
support for end-to-end confidentiality of attributes or direct
communications between the NAS and RADIUS server is not required
when pre-shared key credentials are used.
--
---------------------------------------+------------------------------------
Reporter: bernard_aboba@… | Owner:
Type: defect | Status: new
Priority: major | Milestone: milestone1
Component: Crypto-Agility | Version:
Severity: Active WG Document | Keywords:
---------------------------------------+------------------------------------
Ticket URL: <http://wiki.tools.ietf.org/wg/radext/trac/ticket/92>
radext <http://tools.ietf.org/radext/>
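The following is an added illustration and is not part of the ticket or of the RADEXT documents: it models why per-hop shared secrets cannot give the NAS and the home RADIUS server confidentiality of keying material against the proxies between them, which is the distinction the ticket asks the draft to make. The attribute hiding is the MS-MPPE-Send-Key/Recv-Key construction of RFC 2548 (salt, MD5 keystream chained on the previous ciphertext block); everything else, the three-hop chain, the party names, the secrets, and the `e2e_secret`/`e2e_nonce` standing in for a key that only the NAS and home server hold (assumed to come from the public-key authentication the proposed text recommends, which this code does not model), is constructed for the demo.

```python
"""Hop-by-hop versus end-to-end hiding of a RADIUS session key across proxies.

Constructed example. mppe_encrypt/mppe_decrypt implement RFC 2548 section 2.4.2;
the Link chain, party names, secrets and the e2e secret/nonce are made up here.
"""
import hashlib
import secrets
from dataclasses import dataclass, field


def _md5(*parts: bytes) -> bytes:
    h = hashlib.md5()
    for p in parts:
        h.update(p)
    return h.digest()


def new_salt() -> bytes:
    # RFC 2548: two bytes, most significant bit set, unique per attribute in a packet.
    return bytes([0x80 | secrets.randbits(7), secrets.randbits(8)])


def mppe_encrypt(key: bytes, secret: bytes, authenticator: bytes, salt: bytes) -> bytes:
    """RFC 2548 key hiding. Returns salt || ciphertext.

    P = len(key) || key || zero padding to a 16-byte multiple
    b1 = MD5(secret || Request-Authenticator || salt), c1 = p1 xor b1
    bi = MD5(secret || c(i-1)),                        ci = pi xor bi
    """
    if len(authenticator) != 16 or len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("authenticator must be 16 bytes, salt 2 bytes with high bit set")
    if len(key) > 255:
        raise ValueError("key too long for the one-byte length field")
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)
    out = bytearray()
    prev = _md5(secret, authenticator, salt)
    for i in range(0, len(plain), 16):
        block = bytes(p ^ b for p, b in zip(plain[i:i + 16], prev))
        out += block
        prev = _md5(secret, block)
    return salt + bytes(out)


def mppe_decrypt(blob: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of mppe_encrypt; raises ValueError on a malformed or wrong-key result."""
    salt, ct = blob[:2], blob[2:]
    if len(salt) != 2 or not ct or len(ct) % 16:
        raise ValueError("ciphertext must be salt plus a non-empty multiple of 16 bytes")
    plain = bytearray()
    prev = _md5(secret, authenticator, salt)
    for i in range(0, len(ct), 16):
        block = ct[i:i + 16]
        plain += bytes(c ^ b for c, b in zip(block, prev))
        prev = _md5(secret, block)
    n = plain[0]
    if n > len(plain) - 1:
        raise ValueError("length byte exceeds payload (wrong secret or corrupted)")
    return bytes(plain[1:1 + n])


@dataclass
class Link:
    """One RADIUS hop: its shared secret and the Request Authenticator of the
    Access-Request that crossed it (the Access-Accept reply is hidden under both)."""
    upstream: str
    downstream: str
    secret: bytes
    authenticator: bytes = field(default_factory=lambda: secrets.token_bytes(16))


def hop_by_hop_delivery(key: bytes, links: list) -> tuple:
    """Home server hides the key for its neighbour; every proxy must unhide it with
    the upstream secret and rehide it under the downstream one, so every proxy
    holds the plaintext. Returns (parties that saw the key, what the NAS recovered)."""
    learned = {links[0].upstream}
    blob = mppe_encrypt(key, links[0].secret, links[0].authenticator, new_salt())
    for prev, nxt in zip(links, links[1:]):
        plain = mppe_decrypt(blob, prev.secret, prev.authenticator)
        learned.add(prev.downstream)  # the proxy now holds the session key
        blob = mppe_encrypt(plain, nxt.secret, nxt.authenticator, new_salt())
    recovered = mppe_decrypt(blob, links[-1].secret, links[-1].authenticator)
    learned.add(links[-1].downstream)
    return learned, recovered


def end_to_end_delivery(key: bytes, links: list, e2e_secret: bytes, e2e_nonce: bytes) -> tuple:
    """Same chain, but the key is hidden once under a secret and nonce shared only by
    the home server and the NAS (assumed here, not derived). Proxies forward the blob
    unchanged; trying their hop secret on it recovers nothing."""
    learned = {links[0].upstream}
    blob = mppe_encrypt(key, e2e_secret, e2e_nonce, new_salt())
    for link in links[:-1]:
        try:
            guess = mppe_decrypt(blob, link.secret, link.authenticator)
        except ValueError:
            guess = None
        if guess == key:
            learned.add(link.downstream)
    recovered = mppe_decrypt(blob, e2e_secret, e2e_nonce)
    learned.add(links[-1].downstream)
    return learned, recovered


if __name__ == "__main__":
    chain = [Link("home-server", "proxy-A", b"secret-home-A"),
             Link("proxy-A", "proxy-B", b"secret-A-B"),
             Link("proxy-B", "nas", b"secret-B-nas")]
    session_key = secrets.token_bytes(32)
    seen, got = hop_by_hop_delivery(session_key, chain)
    print("hop-by-hop saw key:", sorted(seen), "NAS ok:", got == session_key)
    seen, got = end_to_end_delivery(session_key, chain, b"nas-home-e2e-secret", secrets.token_bytes(16))
    print("end-to-end saw key:", sorted(seen), "NAS ok:", got == session_key)
```

The point the code makes concrete is the one in the proposed text: with pre-shared hop secrets, the re-hiding step at each proxy is unavoidable, so confidentiality is hop-by-hop by construction; keeping the key from the proxies needs a credential the proxies do not share, which is why the proposal ties the RECOMMENDED end-to-end property to public-key credentials and dynamic peer discovery rather than to the pre-shared-key mode.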
archive: <http://psg.com/lists/radiusext/>