[Emu] Issue #15: Algorithm agility and certs

To: <emu at ietf.org>
Subject: [Emu] Issue #15: Algorithm agility and certs
From: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>
Date: Thu, 6 Aug 2009 12:15:47 -0700
Authentication-results: sj-dkim-1; header.From=jsalowey at cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Delivered-to: emu at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=750; t=1249586148; x=1250450148; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey at cisco.com; z=From:=20=22Joseph=20Salowey=20(jsalowey)=22=20<jsalowey at ci sco.com> |Subject:=20Issue=20#15=3A=20Algorithm=20agility=20and=20ce rts |Sender:=20; bh=lTBy2AF6JzXpICcyoEn/yjEMP3BFHCpjrzDazL5CANs=; b=oJGoaBL+0y59lBv7R2yMB/vzj4HdWRO9z2/lKCtDduYnAzt5B16iVpmmQt k7Ja8zwn+Hn1zcnowT1I7aaLqC5oAyO+26S9KLuZ03CIWZhIMpy5JQaXPPeL 3Tfkl54+ub+MzDHGwBMt+T7W67RBO5sLfSuNDPR/BZ35C59Cwt/Yo=;
List-archive: <http://www.ietf.org/mail-archive/web/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
Thread-index: AcoWxmERgUoSkKTXSIaLQkc/rqy6NgAA7MTg
Thread-topic: Issue #15: Algorithm agility and certs

Issue:

Sec. 4.1.1 has requirements on algorithm agility. They are important,
but insufficient. I propose to mention that when the tunnel method uses
certificates, it MUST be possible to migrate to new algorithms for such
certificates as well. (This possibly belongs in 4.2.1). 

Comment:

 Proposed Text in section 4.1.1:

 " The tunnel method MUST NOT be tied to any single cryptographic
    algorithm.  Instead, it MUST support run-time negotiation to select
    among an extensible set of cryptographic algorithms.  This includes
algorithms used with certificates presented during tunnel establishment.
 ..."

--
Ticket URL: <http://trac.tools.ietf.org/wg/emu/trac/ticket/15#comment:1>
emu <http://tools.ietf.org/wg/emu/>

Follow-Ups:
- Re: [Emu] Issue #15: Algorithm agility and certs
  - From: Yaron Sheffer

Prev by Date: [Emu] Issue #14 Emergency auth
Next by Date: [Emu] Issue #16: Server auth
Previous by thread: [Emu] Issue #14 Emergency auth
Next by thread: Re: [Emu] Issue #15: Algorithm agility and certs
Index(es):
- Date
- Thread

[Emu] Issue #15: Algorithm agility and certs

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.