public secret and public radius server. Is it secure?

Stefan Winter stefan.winter at
Thu Jun 15 12:38:41 CEST 2006


> > this is again an example where a RadSec extension would come in extremely
> > handy. Short wrapup: RadSec establishes connections via TCP and TLS and
> > transports the RADIUS payload over it, so clients can be identified by
> > their TLS certificate; IPs and shred secrets become obsolete.
>   This is *extremely* useful, and solves a lot of deployment problems.
> > I am working on a formal specification of RadSec right now, of which
> > I hope it will somehow find a way into the Informational RFC
> > track. There is a lot more potential in it than the OSC Whitepaper
> > suggests.
>   I'm available to work on it too, if you need help.

Well, I wanted to get started in the next days. I thought of providing a rough 
draft, based on OSCs whitepaper, and share that with you and OSC. It will 
also go through a review on a (public) Task Force, the TERENA Task Force 
"Mobility", creator of a worldwide roaming service for the education and 
research community:[topic_id]=2

Later on, it is hopefully good enough to be considered as worthy of getting an 
(informational?) RFC number at the IETF.


Stefan Winter


Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at     Tel.:     +352 424409-1                Fax:      +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list