[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: RADEXT WG re-charter
Glen Zorn writes...
> There was indeed discussion, but mostly in the form of various
> assertions by the radext Chairs that this would be a good idea;
That much is largely true.
>... I don't recall anything like consensus around this topic.
Unless I much mistake the poll questions and results that Charles
facilitated during the HOKEY meeting, there was consensus in the room. Of
course, that is subject to consensus on the list. I'm also aware that you
think this it not a good idea.
> I guess, then, that "gaining FIPS certification" is an unsatisfactory
> answer, since that was the one I (among others) gave. So what would
> be a satisfactory answer?
Well, "gaining FIPS certification" for a product release is likely a very
fine thing indeed. I guess the question is whether the only way to do that
is to use the AES key-wrap as described in draft-zorn-radius-keywrap-13.txt,
or whether another NIST-approved algorithm, designed for bulk data
encryption might also be used? In the latter case we solve the more general
problem, without requiring separate attribute formats for keys and general
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.