RADIUS crypto-agility straw-man proposal
Alan DeKok <aland@nitros9.org> Mon, 26 February 2007 13:19 UTC
Message-ID: <45E2DE5B.2000707@nitros9.org>
To: "David B. Nelson" <d.b.nelson@comcast.net>
CC: 'radext mailing list' <radiusext@ops.ietf.org>

I do not have significant comments on the straw-man set of requirements. Therefore, I have a straw-man proposal.

http://deployingradius.com/ietf/draft-dekok-radext-dtls-00.txt

It was just submitted to the I-D editor, so it should make the -00 deadline. The content is a little rough, but the general idea should be adequately covered.

In short, "RADIUS + DTLS" == "better security".

Other groups are using DTLS for securing pre-existing UDP protocols. One draft (draft-jennings-sip-dtls-00.txt) is about 3 pages long, and says little other than "use DTLS". That would appear to indicate that it may be that easy to add DTLS support to RADIUS.

Alan DeKok.