[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: RADEXT WG re-charter
email@example.com <> scribbled on Monday, April 14, 2008 9:48
> Glen Zorn writes...
>> There was indeed discussion, but mostly in the form of various
>> assertions by the radext Chairs that this would be a good idea;
> That much is largely true.
>> ... I don't recall anything like consensus around this topic.
> Unless I much mistake the poll questions and results that
> Charles facilitated during the HOKEY meeting, there was
> consensus in the room.
I really appreciate your judgment of consensus in the hokey WG. Please
drop by more often.
> Of course, that is subject to
> consensus on the list. I'm also aware that you think this it not a
> good idea.
>> I guess, then, that "gaining FIPS certification" is an unsatisfactory
>> answer, since that was the one I (among others) gave. So what would
>> be a satisfactory answer?
> Well, "gaining FIPS certification" for a product release is
> likely a very fine thing indeed. I guess the question is
> whether the only way to do that is to use the AES key-wrap as
> described in draft-zorn-radius-keywrap-13.txt, or whether
> another NIST-approved algorithm, designed for bulk data
> encryption might also be used?
> In the latter case we solve
> the more general problem, without requiring separate attribute
> formats for keys and general purpose data.
'Frankly, my dear, I don't give a damn.' I do find it quite fascinating
to observe this whole thing happening in (very) slow motion. It's been
nearly 4 years (!) since draft-zorn-radius-keywrap-00.txt was posted &
in that period of time every trick in the book (& I'm sure some that
were new additions) has been used to ignore, delay or kill it;
furthermore, for at least 3 years there have been at 2 (or more)
independent, interoperable implementations that were FIPS-certified.
But wait! Let's spend a little (lot) more time conjecturing about
another way, a way to solve "the general problem" (AKA "boiling the
ocean" if it's a proposal we don't care for). Well, gosh, no thanks,
but you guys go ahead & have fun!
> to unsubscribe send a message to
> firstname.lastname@example.org with the word 'unsubscribe' in
> a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.