public secret and public radius server. Is it secure?

Alan DeKok aland at nitros9.org
Tue Jun 6 17:22:14 CEST 2006


Stefan Winter <stefan.winter at restena.lu> wrote:
> this is again an example where a RadSec extension would come in extremely 
> handy. Short wrapup: RadSec establishes connections via TCP and TLS and 
> transports the RADIUS payload over it, so clients can be identified by their 
> TLS certificate; IPs and shred secrets become obsolete.

  This is *extremely* useful, and solves a lot of deployment problems.

> I am working on a formal specification of RadSec right now, of which
> I hope it will somehow find a way into the Informational RFC
> track. There is a lot more potential in it than the OSC Whitepaper
> suggests.

  I'm available to work on it too, if you need help.

> It would be really great to get an implementation of this in FR.

  I don't think it's that hard, it just needs to be done.

  Alan DeKok.



More information about the Freeradius-Users mailing list