Radius, Radsec, Diameter [was: Silly question - secure Radius?]
Artur Hecker
hecker at enst.fr
Sun Jul 10 04:35:38 CEST 2005
you might be right. yet i think that we might ignore some opportunities
which would be possible/supported by diameter. i really believe that
current usage produces demand in the same manner as demand influences
the usage. using additional web-based "touches" to trigger server
solicitations by the client is indeed quite ridiculous.

the main problem with radius is IMHO its client-server nature. it
inherently lacks control. also TCP in diameter and defined TLS in proxy
mode might be advantageous.

ciao
artur

Alan DeKok wrote:
> Artur Hecker <hecker at enst.fr> wrote:
>
>>well, that's not the point since diameter would be backwards compatible
>>to radius... but i do ask myself what the manufacturers are waiting for.
>>it could be at least an option.
>
>
> Diameter will be interesting only when manufacturers ship millions of
> boxes with diameter.
>
> Why don't they? Let's look at what they need from RADIUS or diameter:
>
> 1) username/password authentication. Yup, RADIUS does this.
> 2) EAP->AAA for wireless. Yup, RADIUS does this.
>
> The nice thing about RADIUS is that it's so easy to implement. In
> contrast, diameter is 1000x more complicated than RADIUS, and it only
> solves .1% more problems than RADIUS. Diameter is not going to be
> widely deployed.
>
> Ever.
>
>
>>see also "open diameter". it even does EAP...
>
>
> Not as many EAP methods as FreeRADIUS. :)
>
> Adding EAP-FAST to FreeRADIUS may not be too hard, either.
>
> Alan DeKok.