The IESG has approved the following document: - 'Crypto-Agility Requirements for Remote Dial-In User Service (RADIUS)' (draft-ietf-radext-crypto-agility-requirements-07.txt) as an Informational RFC This document is the product of the RADIUS EXTensions Working Group. The IESG contact persons are Dan Romascanu and Ron Bonica. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-radext-crypto-agility-requirements/ Technical Summary This memo describes the requirements for a crypto-agility solution for Remote Authentication Dial-In User Service (RADIUS) as well as the process by which crypto-agility solutions will be developed and published by the RADEXT working group. Crypto- agility is defined as the ability of RADIUS implementations to automatically negotiate cryptographic algorithms for use in RADIUS exchanges, including the algorithms used to integrity protect and authenticate RADIUS packets and to hide RADIUS attributes. Negotiation of cryptographic algorithms may occur within the RADIUS protocol, or within a lower layer such as the transport layer. Working Group Summary The document has adequate review from members of the community. Work on crypto-agility requirements began at IETF 66. A working definition of crypto-agility was discussed during the RADEXT WG session at IETF 68. The initial WG last call completed on August 10, 2008, and the WG last call issues were resolved at IETF 73 and on the mailing list. The document was then reviewed by the Security Area Director (Pasi Eronen) on February 18, 2009. The major items brought up during this review and subsequent discussions related to the role of automated key management, as well as security properties such as perfect forward secrecy. The final RADEXT WG last call completed on May 1, 2011. There appears to be strong consensus behind the document. Document Quality The document has been reviewed by participants within the IETF RADEXT WG, as well as by external reviewers. It has completed two RADEXT WG last calls. _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce
