This memo describes the requirements for a crypto-agility solution
for Remote Authentication Dial-In User Service (RADIUS)
as well as the process by which crypto-agility solutions will be
developed and published by the RADEXT working group. Crypto-
agility is defined as the ability of RADIUS implementations to
automatically negotiate cryptographic algorithms for use in RADIUS
exchanges, including the algorithms used to integrity-protect and
authenticate RADIUS packets and to hide RADIUS attributes.
Negotiation of cryptographic algorithms may occur within the RADIUS
protocol, or within a lower layer such as the transport layer.

Working Group Summary

The document has received adequate review from members of the community.
Work on crypto-agility requirements began at IETF 66. A working
definition of crypto-agility was discussed during the RADEXT WG
session at IETF 68. The initial WG last call completed on August
10, 2008, and the WG last call issues were resolved at IETF 73
and on the mailing list. The document was then reviewed by the
Security Area Director (Pasi Eronen) on February 18, 2009.
The major items brought up during this review and subsequent
discussions related to the role of automated key management,
as well as security properties such as perfect forward secrecy.
The final RADEXT WG last call completed on May 1, 2011.
There appears to be strong consensus behind the document.
The document has been reviewed by participants within the IETF
RADEXT WG, as well as by external reviewers. It has completed two
RADEXT WG last calls.