IETF Logo Mail Archive

RE: RADEXT WG re-charter

"David B. Nelson" <dnelson@elbrysnetworks.com> Mon, 14 April 2008 17:37 UTC

Return-Path: <owner-radiusext@ops.ietf.org>
X-Original-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Delivered-To: ietfarch-radext-archive-IeZ9sae2@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 14A173A69B8 for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Mon, 14 Apr 2008 10:37:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.844
X-Spam-Level:
X-Spam-Status: No, score=-0.844 tagged_above=-999 required=5 tests=[AWL=-0.349, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KRT3nnhQMDfa for <ietfarch-radext-archive-IeZ9sae2@core3.amsl.com>; Mon, 14 Apr 2008 10:37:00 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 0C2733A69F3 for <radext-archive-IeZ9sae2@lists.ietf.org>; Mon, 14 Apr 2008 10:37:00 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.68 (FreeBSD)) (envelope-from <owner-radiusext@ops.ietf.org>) id 1JlSYF-000Nkt-Ok for radiusext-data@psg.com; Mon, 14 Apr 2008 17:33:07 +0000
Received: from [64.140.243.164] (helo=gumby.elbrysnetworks.com) by psg.com with smtp (Exim 4.68 (FreeBSD)) (envelope-from <dnelson@elbrysnetworks.com>) id 1JlSYC-000NT4-Nf for radiusext@ops.ietf.org; Mon, 14 Apr 2008 17:33:06 +0000
Received: (qmail 16546 invoked from network); 14 Apr 2008 13:31:48 -0400
Received: from unknown (HELO xpsuperdvd2) (172.22.18.93) by gumby.elbrysnetworks.com with SMTP; 14 Apr 2008 13:31:48 -0400
From: "David B. Nelson" <dnelson@elbrysnetworks.com>
To: radiusext@ops.ietf.org, 'Glen Zorn' <glenzorn@comcast.net>
Cc: "'Joseph Salowey (jsalowey)'" <jsalowey@cisco.com>, Bernard_Aboba@hotmail.com
References: <BLU137-W48C2DDC500B37865CBBD9F93F50@phx.gbl> <AC1CFD94F59A264488DC2BEC3E890DE50598D1E3@xmb-sjc-225.amer.cisco.com> <BLU137-DS39DAA210AA10B0CDB138F93EC0@phx.gbl> <AC1CFD94F59A264488DC2BEC3E890DE505A01761@xmb-sjc-225.amer.cisco.com> <010001c89c27$8a6ff5f0$1f0a0a0a@xpsuperdvd2> <001801c89e36$38856cf0$33da787c@arubanetworks.com> <019e01c89e3e$87835030$1f0a0a0a@xpsuperdvd2> <001d01c89e4f$53bed740$33da787c@arubanetworks.com>
Subject: RE: RADEXT WG re-charter
Date: Mon, 14 Apr 2008 13:29:10 -0400
Organization: Elbrys Networks, Inc.
Message-ID: <01b201c89e55$0cab70b0$1f0a0a0a@xpsuperdvd2>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Thread-Index: AcibKmpZgzQ6RN9kSDumURarkD8Q7QA1pQQAAAk0NnAARmUsYAA/TUJQAAOwYFAAAers8A==
In-Reply-To: <001d01c89e4f$53bed740$33da787c@arubanetworks.com>
Sender: owner-radiusext@ops.ietf.org
Precedence: bulk

Glen Zorn writes...

> 'Frankly, my dear, I don't give a damn.' 

Cute...

> It's been nearly 4 years (!) since draft-zorn-radius-keywrap-00.txt
> was posted ... for at least 3 years there have been at 2 (or more)
> independent, interoperable implementations that were FIPS-certified.

Given that there are implementations of this key-wrap scheme, presumably
using VSAs, it might be well to publish an Information RFC, describing the
actual implementations, using those VSAs.

> But wait!  Let's spend a little (lot) more time conjecturing about
> another way, a way to solve "the general problem" (AKA "boiling the
> ocean" if it's a proposal we don't care for).  Well, gosh, no thanks,
> but you guys go ahead & have fun!

RADEXT has a chartered work item to address crypto-agility.  We have
requirements for this wok, and we now have an ID capturing those
requirements.  We don't have a requirement to specifically address key-wrap,
as a separate problem.  My questions is whether RADEXT really needs to
create two drafts to satisfy the crypto-agility work item, one for key-wrap
and one for general purpose encrypted attributes.  The fact that solutions,
and drafts, exist to address key-wrap and encrypted attributes separately is
a point in favor of retaining the separation.  I'm just questioning whether
that's a sufficient basis on which to decide that we need such separation of
concerns.

If the consensus us of the WG is that we should proceed with separate
documents for key-wrap and general crypto-agility, we can propose doing that
in our revised charter.  It would be nice, however, to have a reason beyond
the existence of (4 year old) drafts that are structured that way.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

v2.23.0 | Report a Bug | By Email