[radext] RFC 7360 on Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS
Michael Richardson
mcr at sandelman.ca
Fri Sep 5 15:01:25 CEST 2014
rfc-editor at rfc-editor.org wrote:
> Title: Datagram Transport Layer Security (DTLS) as a Transport
> Layer for RADIUS
> Author: A. DeKok
> Status: Experimental
> Stream: IETF
Nice.
On the topic of radiusclient: I've updated ServPOET from a really old version
of radiusclient (one prior to freeradius!), to the latest git tree, and I've
updated the client with some IPv6 TLV needs.
I will issue a pull request soonish.
DTLS support for radiusclient would be a good thing to do; I wonder how
small it can be made... I'm thinking that using raw public support in
DTLS along with TOFU would be a really simple way to bootstrap (the admin
would have to lock down the keys using a "mv" operation...)
I haven't read 7360, so for all I know, you say exactly that.
btw, I really dislike having to carry all the dictionary files into an
appliance system, and worse, parsing the files in each of the 6000 pppd's
that run. I'm thinking of a preparse dictionaries to .c data structure
mechanism... what do you think? It seems that client systems that link
radiusclient *know* what TLVs they can deal with, the admin can not really
add any new ones unless there is a scripting system on the client system.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
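
The TOFU-then-lock-down idea in the message above, sketched as an added example; it is not from the original post, radiusclient or RFC 7360. The pending/trusted directory layout, the names used and the SHA-256 fingerprint are assumptions, and the DTLS handshake is out of scope: the server's raw public key is passed in as bytes.

```python
import hashlib, os, re, tempfile
from pathlib import Path

NAME_OK = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")  # no "/" and no leading "."

class TofuPinStore:
    """Hypothetical layout: <root>/pending holds keys learned on first use,
    <root>/trusted holds keys the admin has moved there with mv."""

    def __init__(self, root):
        self.pending = Path(root) / "pending"
        self.trusted = Path(root) / "trusted"
        for d in (self.pending, self.trusted):
            d.mkdir(parents=True, exist_ok=True)

    def check(self, server, raw_key):
        """Return 'trusted', 'pending', 'learned' or 'mismatch'."""
        if not NAME_OK.fullmatch(server):
            raise ValueError("server name not usable as a pin file name")
        seen = hashlib.sha256(raw_key).hexdigest()
        # A trusted pin always wins over a pending one.
        for state, d in (("trusted", self.trusted), ("pending", self.pending)):
            try:
                stored = (d / server).read_text().strip()
            except FileNotFoundError:
                continue
            return state if stored == seen else "mismatch"
        try:
            # "x" = exclusive create: with many clients starting at once only
            # one records the pin; a half-written pin reads as a mismatch.
            with open(self.pending / server, "x") as f:
                f.write(seen + "\n")
        except FileExistsError:
            return self.check(server, raw_key)
        return "learned"

def demo():
    """Constructed sample: two byte strings stand in for raw public keys."""
    good, other = b"constructed-key-A", b"constructed-key-B"
    with tempfile.TemporaryDirectory() as root:
        store = TofuPinStore(root)
        out = [store.check("radius1.example", good),    # first contact
               store.check("radius1.example", good),    # same key, not locked
               store.check("radius1.example", other)]   # key changed
        # The admin's lock-down step: mv pending/<name> trusted/<name>
        os.rename(store.pending / "radius1.example",
                  store.trusted / "radius1.example")
        out += [store.check("radius1.example", good),
                store.check("radius1.example", other)]
        return out
```

Whether a client may proceed on 'learned' or 'pending' is a policy choice left to the caller; 'mismatch' should always abort the session.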