Hi,
this is again an example where a RadSec extension would come in extremely handy. Short wrapup: RadSec establishes connections via TCP and TLS and transports the RADIUS payload over it, so clients can be identified by their TLS certificate; IPs and shred secrets become obsolete.
This is *extremely* useful, and solves a lot of deployment problems.
I am working on a formal specification of RadSec right now, of which I hope it will somehow find a way into the Informational RFC track. There is a lot more potential in it than the OSC Whitepaper suggests.
I'm available to work on it too, if you need help.
Well, I wanted to get started in the next days. I thought of providing a rough draft, based on OSCs whitepaper, and share that with you and OSC. It will also go through a review on a (public) Task Force, the TERENA Task Force "Mobility", creator of a worldwide roaming service for the education and research community: http://www.terena.nl/activities/index.php?action=set_filters&filters[topic_id]=2 Later on, it is hopefully good enough to be considered as worthy of getting an (informational?) RFC number at the IETF. Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473