Crypto-Agility Requirements for Remote Authentication Dial-In User Service (RADIUS)

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: RFC Editor <>,
    radext mailing list <>,
    radext chair <>
Subject: Document Action: 'Crypto-Agility Requirements for Remote Dial-In User Service (RADIUS)' to Informational RFC (draft-ietf-radext-crypto-agility-requirements-07.txt)

The IESG has approved the following document:
- 'Crypto-Agility Requirements for Remote Dial-In User Service (RADIUS)'
  (draft-ietf-radext-crypto-agility-requirements-07.txt) as an
Informational RFC

This document is the product of the RADIUS EXTensions Working Group.

The IESG contact persons are Dan Romascanu and Ron Bonica.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

  This memo describes the requirements for a crypto-agility solution
  for Remote Authentication Dial-In User Service (RADIUS)
  as well as the process by which crypto-agility solutions will be
  developed and published by the RADEXT working group. Crypto-
  agility is defined as the ability of RADIUS implementations to
  automatically negotiate cryptographic algorithms for use in RADIUS
  exchanges, including the algorithms used to integrity protect and
  authenticate RADIUS packets and to hide RADIUS attributes.
  Negotiation of cryptographic algorithms may occur within the RADIUS
  protocol, or within a lower layer such as the transport layer.

Working Group Summary

  The document has adequate review from members of the community.
  Work on crypto-agility requirements began at IETF 66. A working
  definition of crypto-agility was discussed during the RADEXT WG
  session at IETF 68. The initial WG last call completed on August
  10, 2008, and the WG last call issues were resolved at IETF 73
  and on the mailing list. The document was then reviewed by the
  Security Area Director (Pasi Eronen) on February 18, 2009.
  The major items brought up during this review and subsequent
  discussions related to the role of automated key management,
  as well as security properties such as perfect forward secrecy.
  The final RADEXT WG last call completed on May 1, 2011.
  There appears to be strong consensus behind the document.

Document Quality

  The document has been reviewed by participants within the IETF 
  RADEXT WG, as well as by external reviewers. It has completed two 
  RADEXT WG last calls.

RFC Editor Note