RADIUS crypto-agility straw-man proposal

Alan DeKok <aland@nitros9.org> Mon, 26 February 2007 13:19 UTC

To: "David B. Nelson" <d.b.nelson@comcast.net>
CC: 'radext mailing list' <radiusext@ops.ietf.org>

  I do not have significant comments on the straw-man set of
requirements.  Therefore, I have a straw-man proposal.

http://deployingradius.com/ietf/draft-dekok-radext-dtls-00.txt

  It was just submitted to the I-D editor, so it should make the -00
deadline.

  The content is a little rough, but the general idea should be
adequately covered.  In short, "RADIUS + DTLS" == "better security".

  Other groups are using DTLS for securing pre-existing UDP protocols.
One draft (draft-jennings-sip-dtls-00.txt) is about 3 pages long, and
says little other than "use DTLS".  That would appear to indicate that
it may be that easy to add DTLS support to RADIUS.

  Alan DeKok.

