Re: E2E and crypto-agility
What is "end to end"?
I think it means something like "protection of RADIUS attributes from
disclosure to parties other than the NAS and home server".
I don't see how we could do NAS to home server key transport in
RADIUS. So the answer is (I think) "No".
In the AAA WG there were a number of mechanisms investigated by
which a NAS and home server could derive a key that could be
used to protect attributes from disclosure to proxies. These methods
included Kerberos and CMS. For example, see:
So I think the question is not "can it be done?" but rather
"how does this relate to RADIUS crypto-agility?" and
"should solving this problem be a requirement?"