[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: RADIUS keywrap attributes
- To: radiusext@ops.ietf.org
- Subject: RE: RADIUS keywrap attributes
- From: Bernard Aboba <aboba@internaut.com>
- Date: Sun, 21 Aug 2005 00:29:21 -0700 (PDT)
- Cc: "Zhang, Tiebing" <TZhang@3eti.com>, Russ Housley <housley@vigilsec.com>
- In-reply-to: <2A5E4540D4D5934D9A1E7E0B0FDB2D6901032503@MAANDMBX2.ets.enterasys.com>
- References: <2A5E4540D4D5934D9A1E7E0B0FDB2D6901032503@MAANDMBX2.ets.enterasys.com>
> > I was under the impression that this was outside the scope of the WG
> > charter. Has this changed recently?
The RADEXT WG charter was written based on liaison requests from SDOs
including IEEE 802.11. The IEEE 802 attribute draft, developed to
respond to those requests, included keying attributes from the beginning.
So yes, keying attributes are within the RADEXT WG charter.
While keying attributes are within the scope of the RADEXT WG charter,
I am not clear what the criteria are for IESG approval. Satisfying the
requirements in "AAA Key Management" (draft-housley) could prove quite
difficult. One of the requirements of draft-housley is
to avoid disclosure of keying material to unauthorized parties. This
hurdle was overcome in RFC 4072 using Diameter redirect.
However, it is not clear to me that it would be possible to retrofit
a redirect mechanism within RADIUS. Since CMS failed to gain
traction within Diameter, I see no reason why that would be viable for
RADIUS, either. The presentation at IETF 63 discussed a number of other
alternatives, some of which are subjects of current research (the DNSSEC
approach under development within Terena).
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>