
Re: Last Call: 'Guidance for AAA Key management' to BCP (draft-housley-aaa-key-mgmt)

2006-11-09 09:20:17
"Yoshihiro" == Yoshihiro Ohba <yohba(_at_)tari(_dot_)toshiba(_dot_)com> 
writes:

    Yoshihiro> On Wed, Nov 08, 2006 at 02:00:14PM -0800, Bernard Aboba
    Yoshihiro> wrote:
    >> I believe that the document will have implications for the
    >> RADIUS protocol.  For example, during the RADEXT WG meeting at
    >> IETF 67, we discussed the need for crypto-agility in RADIUS,
    >> and the current lack of ability to negotiate cryptographic
    >> algorithms.  This is why Crypto-agility was added as a RADEXT
    >> WG work item.
    >> 
    >> Since Diameter already supports cryptographic algorithm
    >> negotiation, I do not believe that crypto-agility is an issue
    >> there.
    >> 
    >> My reading of the document is that it does not impose any
    >> security requirements on EAP methods beyond those described in
    >> RFC 4017 and RFC 3748.  At least that is what is being assumed
    >> in the EAP Key Management Framework document, which cites RFC
    >> 4017 and RFC 3748 as meeting the requirements.
    >> 
    >> I think that the term 'AAA key management' applies to
    >> situations which involve use of AAA for derivation or transport
    >> of keying material.  In the case of EAP, that would include EAP
    >> methods, AAA protocols as well as the SAP.

    Yoshihiro> Does 'AAA key management' protocol also include EAP
    Yoshihiro> lower layer protocols such as 802.1X, PANA and IKEv2?

Yes.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf