Re: [HOKEY] draft-gaonkar-radext-erp-attrs-03

"David B. Nelson" <dnelson@elbrysnetworks.com> Wed, 12 March 2008 23:16 UTC

From: "David B. Nelson" <dnelson@elbrysnetworks.com>
To: 'Glen Zorn' <glenzorn@comcast.net>, 'Lakshminath Dondeti' <ldondeti@qualcomm.com>
References: <003601c88386$d06b7a20$091716ac@xpsuperdvd2> <47D69F03.3030800@qualcomm.com> <002401c88487$99e12660$091716ac@xpsuperdvd2> <001101c8848e$2e04ad20$2d01f00a@arubanetworks.com>
Date: Wed, 12 Mar 2008 19:12:49 -0400
Organization: Elbrys Networks, Inc.
Message-ID: <003f01c88496$97b60b30$091716ac@xpsuperdvd2>
In-Reply-To: <001101c8848e$2e04ad20$2d01f00a@arubanetworks.com>
Cc: Bernard_Aboba@hotmail.com, hokey@ietf.org
Subject: Re: [HOKEY] draft-gaonkar-radext-erp-attrs-03

Glen writes...

> > If I understand the direction in HOKEY, there will be an
> > un-encrypted RADIUS Key Container Attribute defined for use in
> > HOKEY, within a HOKEY draft.
> 
> I'm not at all sure that that is a good idea -- it seems to assume the
> usage of an external-to-RADIUS protection method (DTLS, IPsec, etc.) &
> preclude the usage of RADIUS-based protection (e.g., key wrap).

Why do you say that?  If we have Encrypted Attributes in RADIUS, surely that
specifies an internal-to-RADIUS cryptographic protection mechanism.  Cannot
the HOKEY Key Container attribute use the Encrypted Attribute format?

> > RADEXT will continue to pursue Crypto-Agility for
> > cryptographic protection on *any* attribute through a merger
> > of two of Glen's drafts (Key Wrap and Encrypted Attributes).
> > Other RADIUS protection options are RADIUS over DTLS, RADSEC
> > and RADIUS over IPsec.
> 
> Actually, only RADIUS over DTLS really qualifies, I think: IPsec is
> inappropriate for a couple of reasons...

But it is apparently in use and would work in those deployments.


_______________________________________________
HOKEY mailing list
HOKEY@ietf.org
https://www.ietf.org/mailman/listinfo/hokey
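The question in this reply (can a key-carrying attribute use an internal-to-RADIUS encrypted-attribute format rather than rely on DTLS or IPsec?) is easier to weigh against a concrete picture of what internal-to-RADIUS key protection looks like today. The example below is added here and is not code from the thread or from any of the drafts it discusses. It implements the MS-MPPE-Key hiding of RFC 2548 section 2.4.2, the RADIUS-internal key-hiding construction in wide deployment, and wraps the result in a Vendor-Specific attribute (Type 26, Vendor-Id 311, Vendor-Type 16). The shared secret, Request Authenticator and key bytes are constructed sample values; nothing here describes the actual format of the HOKEY Key Container or of the Key Wrap / Encrypted Attributes drafts.

```python
import hashlib
import struct

# Constructed sample values (not from the thread): a RADIUS shared secret,
# the 16-byte Request Authenticator of the Access-Request being answered,
# and a 32-byte key that the server wants to deliver to the NAS.
SHARED_SECRET = b"constructed-shared-secret"
REQUEST_AUTHENTICATOR = bytes(range(16))
SAMPLE_KEY = bytes(range(0x40, 0x60))

def mppe_hide(key: bytes, secret: bytes, req_auth: bytes, salt: bytes) -> bytes:
    """Hide a key as RFC 2548 section 2.4.2 does for MS-MPPE-Send/Recv-Key.

    P = length byte || key || zero padding to a multiple of 16 octets.
    b(1) = MD5(secret || request-authenticator || salt), c(i) = p(i) XOR b(i),
    b(i+1) = MD5(secret || c(i)).  Returns salt || c(1) || ... || c(n).
    """
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 octets with the high bit set")
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)
    out = b""
    b = hashlib.md5(secret + req_auth + salt).digest()
    for i in range(0, len(plain), 16):
        c = bytes(x ^ y for x, y in zip(plain[i:i + 16], b))
        out += c
        b = hashlib.md5(secret + c).digest()   # chain on the ciphertext block
    return salt + out

def mppe_reveal(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Invert mppe_hide.  The only sanity check available is the length byte:
    the construction carries no integrity tag of its own."""
    salt, body = hidden[:2], hidden[2:]
    if len(salt) != 2 or len(body) == 0 or len(body) % 16:
        raise ValueError("malformed hidden key")
    plain = b""
    b = hashlib.md5(secret + req_auth + salt).digest()
    for i in range(0, len(body), 16):
        c = body[i:i + 16]
        plain += bytes(x ^ y for x, y in zip(c, b))
        b = hashlib.md5(secret + c).digest()
    length = plain[0]
    if length == 0 or length > len(plain) - 1:
        raise ValueError("length byte inconsistent: wrong secret or tampering")
    return plain[1:1 + length]

def build_mppe_send_key_vsa(hidden: bytes) -> bytes:
    """Wrap a hidden key in a RADIUS Vendor-Specific attribute:
    Type 26, Vendor-Id 311 (Microsoft), Vendor-Type 16 (MS-MPPE-Send-Key)."""
    vendor_payload = struct.pack("!BB", 16, 2 + len(hidden)) + hidden
    body = struct.pack("!I", 311) + vendor_payload
    return struct.pack("!BB", 26, 2 + len(body)) + body

def parse_mppe_send_key_vsa(attr: bytes) -> bytes:
    """Validate the VSA framing and return the hidden-key field."""
    if len(attr) < 8:
        raise ValueError("attribute too short")
    atype, alen = struct.unpack("!BB", attr[:2])
    if atype != 26 or alen != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    vtype, vlen = struct.unpack("!BB", attr[6:8])
    if vendor_id != 311 or vtype != 16 or vlen != len(attr) - 6:
        raise ValueError("not an MS-MPPE-Send-Key")
    return attr[8:]

def demo(salt: bytes = b"\x80\x01"):
    """Server side hides the key and frames it; NAS side parses and reveals it.
    RFC 2548 requires the salt to be unique per hidden attribute in a packet."""
    hidden = mppe_hide(SAMPLE_KEY, SHARED_SECRET, REQUEST_AUTHENTICATOR, salt)
    vsa = build_mppe_send_key_vsa(hidden)
    recovered = mppe_reveal(parse_mppe_send_key_vsa(vsa),
                            SHARED_SECRET, REQUEST_AUTHENTICATOR)
    return vsa, recovered

def wrong_secret_does_not_recover() -> bool:
    """A receiver with a different shared secret gets garbage or an error."""
    hidden = mppe_hide(SAMPLE_KEY, SHARED_SECRET, REQUEST_AUTHENTICATOR, b"\x80\x01")
    try:
        return mppe_reveal(hidden, b"wrong-secret", REQUEST_AUTHENTICATOR) != SAMPLE_KEY
    except ValueError:
        return True

if __name__ == "__main__":
    vsa, recovered = demo()
    print("VSA (%d octets): %s" % (len(vsa), vsa.hex()))
    print("round trip ok:", recovered == SAMPLE_KEY)
```

Two things in this code bear on the thread. First, every byte of protection derives from MD5 over the shared secret, which is exactly what the Crypto-Agility work (Key Wrap, Encrypted Attributes) sets out to replace; an external layer such as DTLS or IPsec sidesteps the construction rather than fixing it. Second, the hidden attribute has no integrity tag of its own: `mppe_reveal` can only check the length byte, so detection of a wrong secret or a modified attribute rests on packet-level authenticators, not on the attribute.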