Crypto-Agility Requirements for Remote Authentication Dial-In User Service (RADIUS)
RFC 6421
Note: This ballot was opened for revision 07 and is now closed.
(Jari Arkko) Yes
(Dan Romascanu) Yes
(Ron Bonica) No Objection
(Stewart Bryant) No Objection
(Gonzalo Camarillo) No Objection
(Wesley Eddy) No Objection
(Adrian Farrel) No Objection
(Stephen Farrell) No Objection
Comment (2011-07-14)
(1) You might want to say that RECOMMENDED is the same as SHOULD where you define conditional compliance.
(2) It's not entirely clear whether or not protection against bidding down is a SHOULD or MUST. 4.2 seems to make it a MUST, but 4.3 seems to open up such an attack ("If a response is not received...a new request can be composed using legacy mechanisms"). Maybe the latter just applies when the legacy mechanisms remain unbroken? If so, then clarifying that might be good.
(David Harrington) (was Discuss) No Objection
(Russ Housley) (was Discuss) No Objection
(Pete Resnick) No Objection
(Peter Saint-Andre) No Objection
(Robert Sparks) No Objection
(Sean Turner) No Objection
Comment (2011-07-14)
Section 2: r/can selected/can be selected
Section 4.2: maybe add a reference to RFC 5280 in the following: it is RECOMMENDED that a RADIUS crypto-agility solution support X.509 certificates *[RFC5280]* for authentication between the NAS and RADIUS server