RE: draft-gaonkar-radext-erp-attrs-03

"David B. Nelson" <dnelson@elbrysnetworks.com> Thu, 13 March 2008 23:41 UTC

From: "David B. Nelson" <dnelson@elbrysnetworks.com>
To: Bernard_Aboba@hotmail.com, 'Lakshminath Dondeti' <ldondeti@qualcomm.com>
Cc: kgaonkar3@gatech.edu, vidyan@qualcomm.com, glenzorn@comcast.net, 'Charles Clancy' <clancy@cs.umd.edu>, radiusext@ops.ietf.org, jsalowey@cisco.com, hzhou@cisco.com
References: <003601c88386$d06b7a20$091716ac@xpsuperdvd2> <47D69F03.3030800@qualcomm.com> <001b01c88552$5cf769f0$091716ac@xpsuperdvd2> <47D99FEA.1090308@qualcomm.com> <002201c88554$8820b0d0$091716ac@xpsuperdvd2> <BLU137-DS1267F0076896D2FC57FFF93090@phx.gbl>
Subject: RE: draft-gaonkar-radext-erp-attrs-03
Date: Thu, 13 Mar 2008 19:33:48 -0400
Organization: Elbrys Networks, Inc.
Message-ID: <002f01c88562$b06a8800$091716ac@xpsuperdvd2>
In-Reply-To: <BLU137-DS1267F0076896D2FC57FFF93090@phx.gbl>

> > There is a desire to use NIST-approved key-wrap
> > algorithms for wrapping keys, and those algorithms are inappropriate for
> > general-purpose data encryption.
> 
> I'm not sure why this is a problem.   The encrypted attribute
> container can include an algorithm field, so that it would be possible to
> encrypt one bag of attributes (not keys) with one algorithm, while using
> a keywrap algorithm for another bag (which represent keys).

In our hallway discussion of this afternoon, Joe Salowey indicated that his
preference is to make it harder for an implementer to make the mistake of
using the incorrect class of cipher-suite, e.g. to protect general data with
a key-wrap (too weak) or protect a key with a non-NIST-approved algorithm.
Otherwise, we could do as you suggest.  I had made the same point during our
discussion.
 
> * Are general encryption algorithms suitable for use in encrypting keys?

There are really two questions -- (a) "is the algorithm and mode suitably
strong?" and (b) "is it NIST-approved?"  The former is easier to satisfy.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>