Stefan Winter <stefan.winter@restena.lu> wrote:
this is again an example where a RadSec extension would come in extremely handy. Short wrapup: RadSec establishes connections via TCP and TLS and transports the RADIUS payload over it, so clients can be identified by their TLS certificate; IPs and shred secrets become obsolete.
This is *extremely* useful, and solves a lot of deployment problems.
I am working on a formal specification of RadSec right now, of which I hope it will somehow find a way into the Informational RFC track. There is a lot more potential in it than the OSC Whitepaper suggests.
I'm available to work on it too, if you need help.
It would be really great to get an implementation of this in FR.
I don't think it's that hard, it just needs to be done. Alan DeKok.