Why don't you try reading about EAP and 802.1X too?
I did.
Interesting, noted. It would be nice if this works in a similar way as the SSL handshake works - this is very secure, tested and already established in the real world.
Of course it does, it's using TLS... Thank you.
You think the RADSEC guys are going to mess with it just because it's used for transporting RADIUS packets?
Where did I said or implied that? Touche!
OK, my understanding of EAP-TTLS/EAP-TLS is that the authentication happens in two distinct stages: the first stage (EAP-TTLS) is the outer authentication where the server presents its credentials/certificate to the client and then the secure channel is established. Phase two (EAP-TLS in my case) is where the client - via its client certificate - is actually authenticated to the RADIUS server. Now, I was hoping that the AP does this in a similar sort of way when authenticating itself to the RADIUS server, but it seems that is not the case and this is indeed a weak point.
No the NAS (It can be a WAP, VPN concentrator, Switch, Router, Terminal Server) - Does not use EAP-TTLS or any EAP based authentication method to communicate with the RADIUS server directly.
As previously mentioned RADSEC does what you're asking. There's also plans for a DTLS transport layer (http://tools.ietf.org/html/draft-dekok-radext-dtls-03).
But neither have been implemented by NAS vendors yet. If you want to have a secure channel of communication between the RADIUS server run the UDP packets through a VPN, or implemented a local proxy on the NAS to translate between UDP and RADSEC.
Tunnelling is something I might consider as an alternative, thanks again for the explanation.
Additionally, if you're using EAP-TTLS-TLS, why do you need the RADIUS communications to be secure? The sensitive data is already encrypted. In fact why are you using EAP-TTLS-TLS unless you're transporting something extra in the TTLS tunnel? Seems sort of pointless to me...
Well, my understanding is that the communication between AP and RADIUS is not encrypted, isn't that so?
My question still remains though - since this is a two-phase authentication, two distinct sets of (ca, server, client) certificates can be used. How do I specify these in RADIUS?
raddb/modules/eap.conf - You can specify the signing CA for peer certificates for EAP-TLS.
You can use two instances of the module, one for outer and one for inner if it helps you understand the concept any better.
Yep, that seems like a good plan - Phil Mayers was kind enough to explain it to me. I'll probably do a bit of digging before delving in with RADIUS myself.