Re: crypto algorithms for DTLS

From: Abhijit Choudhury (achoudhu) (achoudhu
Date: Wed, 9 Jul 2008 14:49:55 -0700 (PDT)

Hi Scott,

My understanding is that DTLS1.2 will use the ciphers specified in TLS1.2, which has already been approved. The DTLS1.2 spec will not have new ciphers, but will possibly have details on how to use these ciphers in DTLS. Please correct me if I'm wrong here.

So, we should be okay adding these approved TLS ciphers to the OPTIONAL list, although it's true that they will not be used until DTLS1.2 is finalized. But the list is only OPTIONAL and there are other optional ciphers as well. If we take this path, we don't have to touch this spec later to add these ciphers.

If we go the other route, how do we see it being done? Will we need a draft to specify just the deltas in using DTLS1.2 for CAPWAP? The concern I have is that it's not clear if the CAPWAP WG will be active at that point to take up this new work item.

Thoughts?

Abhijit

-----Original Message-----
From: Scott Kelly [mailto:skelly [at] arubanetworks.com]
Sent: Wednesday, July 09, 2008 2:20 PM
To: Pat Calhoun (pacalhou); Abhijit Choudhury (achoudhu); Dorothy.Gellert [at] nokia.com; Joseph Salowey (jsalowey)
Cc: capwap [at] frascone.com
Subject: RE: [Capwap] crypto algorithms for DTLS

Pat Calhoun wrote:
> Ah, so this is a much larger change than simply adding two ciphers as
> MAY. I don't have visibility into TLS1.2 and DTLS1.2, and therefore
> have no idea whether this would break anything.
>
> Scott and CAPWAP chairs, do we go ahead with this change? Given it has
> been through IETF and IESG review, I suspect it would make sense to
> use the latest version.

Referencing DTLS algs which are not yet standardized seems a little bit risky, and also would require a bit of wink wink nudge nudge in the process. Kind of calls the credibility of this whole exercise into question.

How bad would it be to wait? It would simply require spinning out a new brief 3-5 page doc updating to DTLS1.2. This wouldn't prevent anyone who wants to from implementing the algorithms.

Is there any compelling reason to ram this through rather than waiting for DTLS1.2 to be published?

--Scott