[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: RADEXT WG re-charter
Bernard Aboba writes...
> At IETF 71, the technical discussion brought up the following points:
> a. The integrity protection for keywrap is considerably *weaker*
> (e.g. 64 bits) than for standard MIC algorithms.
> b. Encryption algorithms for keywrap cannot be securely used to do
> bulk encryption of data, but algorithms that can do bulk encryption
> can securely be used to encrypt keys.
Are there specific recommendations (e.g. an "SP" series document) from NIST
that cover the use of bulk encryption algorithms to encrypt keys?
> c. Existing IETF standards (such as Diameter EAP, RFC 4702) use TLS to
> protect keys.
> Given this, I would suggest that assertions made about NIST positions
> should be ruled out of scope, unless they come directly from
> representatives of NIST.
Or presumably from existing NIST publications...
I tend to think (individual opinion) that facilitating FIPS "certifiable"
implementations might be a reasonable requirement to be added into the
RADIUS Crypto-Agility Requirements draft, assuming the reference is to an
existing NIST publication. I understand that these publications would
discuss algorithms and modes only, and not cover how to encapsulate a key in
a RADIUS attribute.
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.