[radext] RFC 7360 on Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS

Michael Richardson mcr at sandelman.ca
Fri Sep 5 15:01:25 CEST 2014

rfc-editor at rfc-editor.org wrote:
    >         Title: Datagram Transport Layer Security (DTLS) as a Transport
    > Layer for RADIUS Author: A. DeKok Status: Experimental Stream: IETF


On the topic of radiusclient: I've updated ServPOET from a really old version
of radiusclient (one prior to freeradius!), to the latest git tree, and I've
updated the client with some IPv6 TLV needs.
I will issue a pull request soonish.

DTLS support for radiusclient would be a good thing to do; I wonder how
small it can be made...  I'm thinking that using raw public support in
DTLS along with TOFU would be a really simple way to bootstrap (the admin
would have to lock down the keys using a "mv" operation...)

I haven't read 7360, so far all I know, you say exactly that.

btw, I really dislike having to carry all the dictionary files into an
appliance system, and worse, parsing the files in each of the 6000 pppd's
that runs.  I'm thinking of a preparse dictionaries to .c data structure
mechanism... what do you think?  It seems that client systems that link
radiusclient *know* what TLVs they can deal with, the admin can not really
add any new ones unless there is a scripting system on the client system.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

More information about the Freeradius-Devel mailing list